From 69abc9a1a1bb6334537b89b5dcf980c40d6b8cbf Mon Sep 17 00:00:00 2001
From: Florian Bruhin <git@the-compiler.org>
Date: Mon, 11 Jun 2018 19:44:45 +0200
Subject: [PATCH] Add a content.webrtc_public_interfaces_only option

See #3010
Fixes #2163
---
 doc/help/settings.asciidoc           | 14 ++++++++++++++
 qutebrowser/config/configdata.py     |  1 +
 qutebrowser/config/configdata.yml    | 13 +++++++++++++
 qutebrowser/config/configinit.py     |  3 +++
 tests/unit/config/test_configinit.py | 18 ++++++++++++++++++
 5 files changed, 49 insertions(+)

diff --git a/doc/help/settings.asciidoc b/doc/help/settings.asciidoc
index f581d900c..013e0672a 100644
--- a/doc/help/settings.asciidoc
+++ b/doc/help/settings.asciidoc
@@ -154,6 +154,7 @@
 |<<content.ssl_strict,content.ssl_strict>>|Validate SSL handshakes.
 |<<content.user_stylesheets,content.user_stylesheets>>|List of user stylesheet filenames to use.
 |<<content.webgl,content.webgl>>|Enable WebGL.
+|<<content.webrtc_public_interfaces_only,content.webrtc_public_interfaces_only>>|Only expose public interfaces via WebRTC.
 |<<content.windowed_fullscreen,content.windowed_fullscreen>>|Limit fullscreen to the browser window (does not expand to fill the screen).
 |<<content.xss_auditing,content.xss_auditing>>|Monitor load requests for cross-site scripting attempts.
 |<<downloads.location.directory,downloads.location.directory>>|Directory to save downloads to.
@@ -1983,6 +1984,19 @@ Type: <<types,Bool>>
 
 Default: +pass:[true]+
 
+[[content.webrtc_public_interfaces_only]]
+=== content.webrtc_public_interfaces_only
+Only expose public interfaces via WebRTC.
+On Qt 5.9, this option requires a restart. On Qt 5.10, this option doesn't work at all because of a Qt bug. On Qt >= 5.11, no restart is required.
+
+Type: <<types,Bool>>
+
+Default: +pass:[false]+
+
+On QtWebEngine, this setting requires Qt 5.9.2 or newer.
+
+On QtWebKit, this setting is unavailable.
+
 [[content.windowed_fullscreen]]
 === content.windowed_fullscreen
 Limit fullscreen to the browser window (does not expand to fill the screen).
diff --git a/qutebrowser/config/configdata.py b/qutebrowser/config/configdata.py
index fae1223fa..da3025319 100644
--- a/qutebrowser/config/configdata.py
+++ b/qutebrowser/config/configdata.py
@@ -149,6 +149,7 @@ def _parse_yaml_backends_dict(name, node):
         False: False,
         'Qt 5.8': qtutils.version_check('5.8'),
         'Qt 5.9': qtutils.version_check('5.9'),
+        'Qt 5.9.2': qtutils.version_check('5.9.2'),
         'Qt 5.10': qtutils.version_check('5.10'),
         'Qt 5.11': qtutils.version_check('5.11'),
     }
diff --git a/qutebrowser/config/configdata.yml b/qutebrowser/config/configdata.yml
index c8ce6d184..86b8c4a05 100644
--- a/qutebrowser/config/configdata.yml
+++ b/qutebrowser/config/configdata.yml
@@ -675,6 +675,19 @@ content.webgl:
   supports_pattern: true
   desc: Enable WebGL.
 
+content.webrtc_public_interfaces_only:
+  default: false
+  type: Bool
+  backend:
+    QtWebKit: false
+    QtWebEngine: Qt 5.9.2
+  desc: >-
+    Only expose public interfaces via WebRTC.
+
+    On Qt 5.9, this option requires a restart.
+    On Qt 5.10, this option doesn't work at all because of a Qt bug.
+    On Qt >= 5.11, no restart is required.
+
 content.xss_auditing:
   type: Bool
   default: false
diff --git a/qutebrowser/config/configinit.py b/qutebrowser/config/configinit.py
index cd834f7ab..38adad534 100644
--- a/qutebrowser/config/configinit.py
+++ b/qutebrowser/config/configinit.py
@@ -180,5 +180,8 @@ def qt_args(namespace):
             # On Qt 5.11, we can control this via QWebEngineSettings
             if not config.val.content.autoplay:
                 argv.append('--autoplay-policy=user-gesture-required')
+            if config.val.content.webrtc_public_interfaces_only:
+                argv.append('--force-webrtc-ip-handling-policy='
+                            'default_public_interface_only')
 
     return argv
diff --git a/tests/unit/config/test_configinit.py b/tests/unit/config/test_configinit.py
index c77a714ff..a1c4face6 100644
--- a/tests/unit/config/test_configinit.py
+++ b/tests/unit/config/test_configinit.py
@@ -433,6 +433,24 @@ class TestQtArgs:
         args = configinit.qt_args(parsed)
         assert ('--autoplay-policy=user-gesture-required' in args) == added
 
+    @pytest.mark.parametrize('backend, new_version, public_only, added', [
+        (usertypes.Backend.QtWebEngine, True, True, False),  # new
+        (usertypes.Backend.QtWebKit, False, True, False),  # QtWebKit
+        (usertypes.Backend.QtWebEngine, False, False, False),  # disabled
+        (usertypes.Backend.QtWebEngine, False, True, True),
+    ])
+    def test_webrtc(self, config_stub, monkeypatch, parser,
+                    backend, new_version, public_only, added):
+        config_stub.val.content.webrtc_public_interfaces_only = public_only
+        monkeypatch.setattr(configinit.qtutils, 'version_check',
+                            lambda version, compiled=False: new_version)
+        monkeypatch.setattr(configinit.objects, 'backend', backend)
+
+        parsed = parser.parse_args([])
+        args = configinit.qt_args(parsed)
+        arg = '--force-webrtc-ip-handling-policy=default_public_interface_only'
+        assert (arg in args) == added
+
 
 @pytest.mark.parametrize('arg, confval, used', [
     # overridden by commandline arg