add BlockBrowserInjectionsByDomain feature flag and put feature behind it

2025-12-18 17:23:37 +00:00 · 2024-12-13 11:06:17 -05:00
parent 05b0dc0b2f
commit 1c6ec55089
12 changed files with 49 additions and 14 deletions
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@@ -1246,7 +1246,7 @@ const safeProviders: SafeProvider[] = [
  safeProvider({
    provide: DomainSettingsService,
    useClass: DefaultDomainSettingsService,
-    deps: [StateProvider],
+    deps: [StateProvider, ConfigService],
  }),
  safeProvider({
    provide: BiometricStateService,
--- a/libs/common/src/autofill/services/domain-settings.service.ts
+++ b/libs/common/src/autofill/services/domain-settings.service.ts
@@ -1,6 +1,9 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
-import { map, Observable } from "rxjs";
+import { combineLatest, map, Observable } from "rxjs";
+
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";

 import {
  NeverDomains,
@@ -81,16 +84,30 @@ export class DefaultDomainSettingsService implements DomainSettingsService {
  private defaultUriMatchStrategyState: ActiveUserState<UriMatchStrategySetting>;
  readonly defaultUriMatchStrategy$: Observable<UriMatchStrategySetting>;

-  constructor(private stateProvider: StateProvider) {
+  constructor(
+    private stateProvider: StateProvider,
+    private configService: ConfigService,
+  ) {
    this.showFaviconsState = this.stateProvider.getGlobal(SHOW_FAVICONS);
    this.showFavicons$ = this.showFaviconsState.state$.pipe(map((x) => x ?? true));

    this.neverDomainsState = this.stateProvider.getGlobal(NEVER_DOMAINS);
    this.neverDomains$ = this.neverDomainsState.state$.pipe(map((x) => x ?? null));

+    // Needs to be global to prevent pre-login injections
    this.blockedInteractionsUrisState = this.stateProvider.getGlobal(BLOCKED_INTERACTIONS_URIS);
-    this.blockedInteractionsUris$ = this.blockedInteractionsUrisState.state$.pipe(
-      map((x) => x ?? null),
+
+    this.blockedInteractionsUris$ = combineLatest([
+      this.blockedInteractionsUrisState.state$,
+      this.configService.getFeatureFlag$(FeatureFlag.BlockBrowserInjectionsByDomain),
+    ]).pipe(
+      map(([blockedUris, blockBrowserInjectionsByDomainEnabled]) => {
+        if (!blockBrowserInjectionsByDomainEnabled) {
+          return null;
+        }
+
+        return blockedUris ?? null;
+      }),
    );

    this.equivalentDomainsState = this.stateProvider.getActive(EQUIVALENT_DOMAINS);
--- a/libs/common/src/enums/feature-flag.enum.ts
+++ b/libs/common/src/enums/feature-flag.enum.ts
@@ -27,6 +27,7 @@ export enum FeatureFlag {
  SSHKeyVaultItem = "ssh-key-vault-item",
  SSHAgent = "ssh-agent",
  NotificationBarAddLoginImprovements = "notification-bar-add-login-improvements",
+  BlockBrowserInjectionsByDomain = "block-browser-injections-by-domain",
  AC2476_DeprecateStripeSourcesAPI = "AC-2476-deprecate-stripe-sources-api",
  CipherKeyEncryption = "cipher-key-encryption",
  VerifiedSsoDomainEndpoint = "pm-12337-refactor-sso-details-endpoint",
@@ -81,6 +82,7 @@ export const DefaultFeatureFlagValue = {
  [FeatureFlag.SSHKeyVaultItem]: FALSE,
  [FeatureFlag.SSHAgent]: FALSE,
  [FeatureFlag.NotificationBarAddLoginImprovements]: FALSE,
+  [FeatureFlag.BlockBrowserInjectionsByDomain]: FALSE,
  [FeatureFlag.AC2476_DeprecateStripeSourcesAPI]: FALSE,
  [FeatureFlag.CipherKeyEncryption]: FALSE,
  [FeatureFlag.VerifiedSsoDomainEndpoint]: FALSE,