114 lines
5.7 KiB
Diff
114 lines
5.7 KiB
Diff
|
From: uazo <uazo@users.noreply.github.com>
|
||
|
Date: Sat, 29 Jan 2022 15:25:19 +0000
|
||
|
Subject: Enable StrictOriginIsolation and SitePerProcess
|
||
|
|
||
|
Enable the StrictOriginIsolation feature and the SitePerProcess preference.
|
||
|
SitePerProcess: bypass any device memory size check.
|
||
|
SitePerProcess: always consider enterprise policies applicable.
|
||
|
|
||
|
Original License: GPL-2.0-or-later - https://spdx.org/licenses/GPL-2.0-or-later.html
|
||
|
License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html
|
||
|
---
|
||
|
chrome/browser/about_flags.cc | 3 ---
|
||
|
chrome/browser/chrome_content_browser_client.cc | 4 ++--
|
||
|
chrome/common/chrome_features.cc | 8 ++------
|
||
|
components/site_isolation/site_isolation_policy.cc | 3 +++
|
||
|
content/public/common/content_features.cc | 4 ++--
|
||
|
5 files changed, 9 insertions(+), 13 deletions(-)
|
||
|
|
||
|
diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
|
||
|
--- a/chrome/browser/about_flags.cc
|
||
|
+++ b/chrome/browser/about_flags.cc
|
||
|
@@ -5099,9 +5099,6 @@ const FeatureEntry kFeatureEntries[] = {
|
||
|
flag_descriptions::kSiteIsolationForPasswordSitesDescription, kOsAndroid,
|
||
|
FEATURE_VALUE_TYPE(
|
||
|
site_isolation::features::kSiteIsolationForPasswordSites)},
|
||
|
- {"enable-site-per-process", flag_descriptions::kStrictSiteIsolationName,
|
||
|
- flag_descriptions::kStrictSiteIsolationDescription, kOsAndroid,
|
||
|
- SINGLE_VALUE_TYPE(switches::kSitePerProcess)},
|
||
|
#endif
|
||
|
{"enable-isolated-web-apps", flag_descriptions::kEnableIsolatedWebAppsName,
|
||
|
flag_descriptions::kEnableIsolatedWebAppsDescription, kOsDesktop,
|
||
|
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
|
||
|
--- a/chrome/browser/chrome_content_browser_client.cc
|
||
|
+++ b/chrome/browser/chrome_content_browser_client.cc
|
||
|
@@ -1587,7 +1587,7 @@ void ChromeContentBrowserClient::RegisterLocalStatePrefs(
|
||
|
registry->RegisterFilePathPref(prefs::kDiskCacheDir, base::FilePath());
|
||
|
registry->RegisterIntegerPref(prefs::kDiskCacheSize, 0);
|
||
|
registry->RegisterStringPref(prefs::kIsolateOrigins, std::string());
|
||
|
- registry->RegisterBooleanPref(prefs::kSitePerProcess, false);
|
||
|
+ registry->RegisterBooleanPref(prefs::kSitePerProcess, true);
|
||
|
registry->RegisterBooleanPref(prefs::kTabFreezingEnabled, true);
|
||
|
registry->RegisterIntegerPref(prefs::kSCTAuditingHashdanceReportCount, 0);
|
||
|
registry->RegisterBooleanPref(
|
||
|
@@ -1612,7 +1612,7 @@ void ChromeContentBrowserClient::RegisterProfilePrefs(
|
||
|
// user policy in addition to the same named ones in Local State (which are
|
||
|
// used for mapping the command-line flags).
|
||
|
registry->RegisterStringPref(prefs::kIsolateOrigins, std::string());
|
||
|
- registry->RegisterBooleanPref(prefs::kSitePerProcess, false);
|
||
|
+ registry->RegisterBooleanPref(prefs::kSitePerProcess, true);
|
||
|
registry->RegisterListPref(
|
||
|
site_isolation::prefs::kUserTriggeredIsolatedOrigins);
|
||
|
registry->RegisterDictionaryPref(
|
||
|
diff --git a/chrome/common/chrome_features.cc b/chrome/common/chrome_features.cc
|
||
|
--- a/chrome/common/chrome_features.cc
|
||
|
+++ b/chrome/common/chrome_features.cc
|
||
|
@@ -1177,12 +1177,8 @@ const base::FeatureParam<base::TimeDelta> kSCTLogMaxIngestionRandomDelay{
|
||
|
// TODO(alexmos): Move this and the other site isolation features below to
|
||
|
// browser_features, as they are only used on the browser side.
|
||
|
BASE_FEATURE(kSitePerProcess,
|
||
|
- "SitePerProcess",
|
||
|
-#if BUILDFLAG(IS_ANDROID)
|
||
|
- base::FEATURE_DISABLED_BY_DEFAULT
|
||
|
-#else
|
||
|
- base::FEATURE_ENABLED_BY_DEFAULT
|
||
|
-#endif
|
||
|
+ "SitePerProcess", // enabled by default
|
||
|
+ base::FEATURE_ENABLED_BY_DEFAULT // in Bromite
|
||
|
);
|
||
|
|
||
|
#if BUILDFLAG(IS_CHROMEOS_ASH)
|
||
|
diff --git a/components/site_isolation/site_isolation_policy.cc b/components/site_isolation/site_isolation_policy.cc
|
||
|
--- a/components/site_isolation/site_isolation_policy.cc
|
||
|
+++ b/components/site_isolation/site_isolation_policy.cc
|
||
|
@@ -38,6 +38,7 @@ struct IsolationDisableDecisions {
|
||
|
|
||
|
bool ShouldDisableSiteIsolationDueToMemorySlow(
|
||
|
content::SiteIsolationMode site_isolation_mode) {
|
||
|
+ if ((true)) return false;
|
||
|
// The memory threshold behavior differs for desktop and Android:
|
||
|
// - Android uses a 1900MB default threshold for partial site isolation modes
|
||
|
// and a 3200MB default threshold for strict site isolation. See docs in
|
||
|
@@ -164,6 +165,7 @@ bool SiteIsolationPolicy::IsIsolationForOAuthSitesEnabled() {
|
||
|
|
||
|
// static
|
||
|
bool SiteIsolationPolicy::IsEnterprisePolicyApplicable() {
|
||
|
+ if ((true)) return true;
|
||
|
#if BUILDFLAG(IS_ANDROID)
|
||
|
// https://crbug.com/844118: Limiting policy to devices with > 1GB RAM.
|
||
|
// Using 1077 rather than 1024 because it helps ensure that devices with
|
||
|
@@ -179,6 +181,7 @@ bool SiteIsolationPolicy::IsEnterprisePolicyApplicable() {
|
||
|
// static
|
||
|
bool SiteIsolationPolicy::ShouldDisableSiteIsolationDueToMemoryThreshold(
|
||
|
content::SiteIsolationMode site_isolation_mode) {
|
||
|
+ if ((true)) return false;
|
||
|
if (!g_disallow_memory_threshold_caching_for_testing) {
|
||
|
return CachedDisableSiteIsolation(site_isolation_mode);
|
||
|
}
|
||
|
diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
|
||
|
--- a/content/public/common/content_features.cc
|
||
|
+++ b/content/public/common/content_features.cc
|
||
|
@@ -1008,8 +1008,8 @@ BASE_FEATURE(kSpareRendererForSitePerProcess,
|
||
|
// Controls whether site isolation should use origins instead of scheme and
|
||
|
// eTLD+1.
|
||
|
BASE_FEATURE(kStrictOriginIsolation,
|
||
|
- "StrictOriginIsolation",
|
||
|
- base::FEATURE_DISABLED_BY_DEFAULT);
|
||
|
+ "StrictOriginIsolation", // must be enabled
|
||
|
+ base::FEATURE_ENABLED_BY_DEFAULT); // in Bromite
|
||
|
|
||
|
// Disallows window.{alert, prompt, confirm} if triggered inside a subframe that
|
||
|
// is not same origin with the main frame.
|
||
|
--
|
||
|
2.25.1
|