LeOSium_webview/LeOS/patches/Enable-StrictOriginIsolatio...

114 lines
5.7 KiB
Diff
Raw Normal View History

2023-11-18 11:46:19 +01:00
From: uazo <uazo@users.noreply.github.com>
Date: Sat, 29 Jan 2022 15:25:19 +0000
Subject: Enable StrictOriginIsolation and SitePerProcess
Enable the StrictOriginIsolation feature and the SitePerProcess preference.
SitePerProcess: bypass any device memory size check.
SitePerProcess: always consider enterprise policies applicable.
Original License: GPL-2.0-or-later - https://spdx.org/licenses/GPL-2.0-or-later.html
License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html
---
chrome/browser/about_flags.cc | 3 ---
chrome/browser/chrome_content_browser_client.cc | 4 ++--
chrome/common/chrome_features.cc | 8 ++------
components/site_isolation/site_isolation_policy.cc | 3 +++
content/public/common/content_features.cc | 4 ++--
5 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
--- a/chrome/browser/about_flags.cc
+++ b/chrome/browser/about_flags.cc
@@ -5099,9 +5099,6 @@ const FeatureEntry kFeatureEntries[] = {
flag_descriptions::kSiteIsolationForPasswordSitesDescription, kOsAndroid,
FEATURE_VALUE_TYPE(
site_isolation::features::kSiteIsolationForPasswordSites)},
- {"enable-site-per-process", flag_descriptions::kStrictSiteIsolationName,
- flag_descriptions::kStrictSiteIsolationDescription, kOsAndroid,
- SINGLE_VALUE_TYPE(switches::kSitePerProcess)},
#endif
{"enable-isolated-web-apps", flag_descriptions::kEnableIsolatedWebAppsName,
flag_descriptions::kEnableIsolatedWebAppsDescription, kOsDesktop,
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -1587,7 +1587,7 @@ void ChromeContentBrowserClient::RegisterLocalStatePrefs(
registry->RegisterFilePathPref(prefs::kDiskCacheDir, base::FilePath());
registry->RegisterIntegerPref(prefs::kDiskCacheSize, 0);
registry->RegisterStringPref(prefs::kIsolateOrigins, std::string());
- registry->RegisterBooleanPref(prefs::kSitePerProcess, false);
+ registry->RegisterBooleanPref(prefs::kSitePerProcess, true);
registry->RegisterBooleanPref(prefs::kTabFreezingEnabled, true);
registry->RegisterIntegerPref(prefs::kSCTAuditingHashdanceReportCount, 0);
registry->RegisterBooleanPref(
@@ -1612,7 +1612,7 @@ void ChromeContentBrowserClient::RegisterProfilePrefs(
// user policy in addition to the same named ones in Local State (which are
// used for mapping the command-line flags).
registry->RegisterStringPref(prefs::kIsolateOrigins, std::string());
- registry->RegisterBooleanPref(prefs::kSitePerProcess, false);
+ registry->RegisterBooleanPref(prefs::kSitePerProcess, true);
registry->RegisterListPref(
site_isolation::prefs::kUserTriggeredIsolatedOrigins);
registry->RegisterDictionaryPref(
diff --git a/chrome/common/chrome_features.cc b/chrome/common/chrome_features.cc
--- a/chrome/common/chrome_features.cc
+++ b/chrome/common/chrome_features.cc
@@ -1177,12 +1177,8 @@ const base::FeatureParam<base::TimeDelta> kSCTLogMaxIngestionRandomDelay{
// TODO(alexmos): Move this and the other site isolation features below to
// browser_features, as they are only used on the browser side.
BASE_FEATURE(kSitePerProcess,
- "SitePerProcess",
-#if BUILDFLAG(IS_ANDROID)
- base::FEATURE_DISABLED_BY_DEFAULT
-#else
- base::FEATURE_ENABLED_BY_DEFAULT
-#endif
+ "SitePerProcess", // enabled by default
+ base::FEATURE_ENABLED_BY_DEFAULT // in Bromite
);
#if BUILDFLAG(IS_CHROMEOS_ASH)
diff --git a/components/site_isolation/site_isolation_policy.cc b/components/site_isolation/site_isolation_policy.cc
--- a/components/site_isolation/site_isolation_policy.cc
+++ b/components/site_isolation/site_isolation_policy.cc
@@ -38,6 +38,7 @@ struct IsolationDisableDecisions {
bool ShouldDisableSiteIsolationDueToMemorySlow(
content::SiteIsolationMode site_isolation_mode) {
+ if ((true)) return false;
// The memory threshold behavior differs for desktop and Android:
// - Android uses a 1900MB default threshold for partial site isolation modes
// and a 3200MB default threshold for strict site isolation. See docs in
@@ -164,6 +165,7 @@ bool SiteIsolationPolicy::IsIsolationForOAuthSitesEnabled() {
// static
bool SiteIsolationPolicy::IsEnterprisePolicyApplicable() {
+ if ((true)) return true;
#if BUILDFLAG(IS_ANDROID)
// https://crbug.com/844118: Limiting policy to devices with > 1GB RAM.
// Using 1077 rather than 1024 because it helps ensure that devices with
@@ -179,6 +181,7 @@ bool SiteIsolationPolicy::IsEnterprisePolicyApplicable() {
// static
bool SiteIsolationPolicy::ShouldDisableSiteIsolationDueToMemoryThreshold(
content::SiteIsolationMode site_isolation_mode) {
+ if ((true)) return false;
if (!g_disallow_memory_threshold_caching_for_testing) {
return CachedDisableSiteIsolation(site_isolation_mode);
}
diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
--- a/content/public/common/content_features.cc
+++ b/content/public/common/content_features.cc
@@ -1008,8 +1008,8 @@ BASE_FEATURE(kSpareRendererForSitePerProcess,
// Controls whether site isolation should use origins instead of scheme and
// eTLD+1.
BASE_FEATURE(kStrictOriginIsolation,
- "StrictOriginIsolation",
- base::FEATURE_DISABLED_BY_DEFAULT);
+ "StrictOriginIsolation", // must be enabled
+ base::FEATURE_ENABLED_BY_DEFAULT); // in Bromite
// Disallows window.{alert, prompt, confirm} if triggered inside a subframe that
// is not same origin with the main frame.
--
2.25.1