[java] Adding remote-allow-origins for Chrome

diemol · diemol · commit 3f7f57cfc8cb · 2023-03-16T15:29:41.000+01:00
Fixes SeleniumHQ#11750
diff --git a/java/src/org/openqa/selenium/chromium/ChromiumOptions.java b/java/src/org/openqa/selenium/chromium/ChromiumOptions.java
@@ -32,6 +32,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.Set;
 import java.util.TreeMap;
 import java.util.stream.Stream;
@@ -74,6 +75,11 @@ public class ChromiumOptions<T extends ChromiumOptions<?>> extends AbstractDrive
   public ChromiumOptions(String capabilityType, String browserType, String capability) {
     this.capabilityName = capability;
     setCapability(capabilityType, browserType);
+    // Allowing any origin "*" might sound risky but an attacker would need to know
+    // the port used to start DevTools to establish a connection. Given these sessions
+    // are relatively short-lived, the risk is reduced. Also, this will be removed when
+    // we only support Java 11 and above.
+    addArguments("--remote-allow-origins=*");
   }
 
   /**
@@ -125,6 +131,20 @@ public T addArguments(String... arguments) {
    * @param arguments The arguments to use when starting Chrome.
    */
   public T addArguments(List<String> arguments) {
+    /*
+      --remote-allow-origins is being added by default since Chrome 111. We need to check
+      if the argument already exists and then remove it.
+     */
+    String remoteAllowOrigins = "remote-allow-origins";
+    Optional<String> newArg = arguments.stream()
+      .filter(arg -> arg.contains(remoteAllowOrigins))
+      .findFirst();
+    Optional<String> existingArg = args.stream()
+      .filter(arg -> arg.contains(remoteAllowOrigins))
+      .findFirst();
+    if (newArg.isPresent() && existingArg.isPresent()) {
+      args.remove(existingArg.get());
+    }
     args.addAll(arguments);
     return (T) this;
   }
diff --git a/java/test/org/openqa/selenium/grid/node/config/NodeOptionsTest.java b/java/test/org/openqa/selenium/grid/node/config/NodeOptionsTest.java
@@ -467,7 +467,7 @@ void driversCanBeConfiguredWithASpecificArguments() {
     assertThat(reported.get(0).asMap()).asInstanceOf(MAP)
       .extractingByKey(ChromeOptions.CAPABILITY).asInstanceOf(MAP)
       .extractingByKey("args").asInstanceOf(LIST)
-      .containsExactly("--homepage=https://www.selenium.dev");
+      .containsAnyOf("--homepage=https://www.selenium.dev");
   }
 
   @Test

Original file line number	Diff line number	Diff line change
`@@ -467,7 +467,7 @@ void driversCanBeConfiguredWithASpecificArguments() {`
`467`	`467`	`assertThat(reported.get(0).asMap()).asInstanceOf(MAP)`
`468`	`468`	`.extractingByKey(ChromeOptions.CAPABILITY).asInstanceOf(MAP)`
`469`	`469`	`.extractingByKey("args").asInstanceOf(LIST)`
`470`		`- .containsExactly("--homepage=https://www.selenium.dev");`
	`470`	`+ .containsAnyOf("--homepage=https://www.selenium.dev");`
`471`	`471`	`}`
`472`	`472`
`473`	`473`	`@Test`