[wip] use CWVWebView embedder in iOS

[kylehickinson]

Do not merge, meant for gathering feedback on this solution's direction

Running list:

Needs Migration

• session restoration data check/migration: SessionTab holds onto WKWebView.interactionState, need to drop it or ignore it while restoring CWVWebView and vice-versa.
• Optional: Swap to Chromium safe browsing implementation
• Optional: Use HTTPS Upgrade tab helpers

Broken Features

• SSL certificate pinning (not supported by Chromium)
• block javascript shield (not supported by Chromium)
• link previews (not supported by Chromium)
• sampled top page color KVO (private API)
• multiple downloads at once (UI-only: progress doesn't show combined, downloads are parallel now)
• redirected loads (getInternalRedirect, loading a new request before cancelling an active load) on pages that fail to load in the end hit DCHECK (e.g. http://api.segment.io will get upgraded to https but the link itself is blocked by PiHole/content blockers)

Cosmetic Issues

Product Changes

• user agent contains CriOS
• error pages now match desktop/android but lose Brave branding
• block scripts shield may be removed
• iPad uses mobile user agent by default, controlled by pref
• Chromium doesnt support link previews

Accesses WebKit

These access -[CWVWebView(Extras) underlyingWebView] or -[CWVWebView(Extras) WKConfiguration] directly and should be migrated over if possible

• content blockers access (WKWebViewConfiguration)
• cookie store access (WKWebViewConfiguration)
• deprecated javascript control preference (WKWebViewConfiguration)
• Sampled page top color (WKWebView - private API)
• PDF data in Leo (WKWebView - private API)
• zoom level (WKWebView - private API). There is FontSizeTabHelper as a replacement but it's worse
• playlist web loader (WKWebView - loadHTMLString), only exposed for testing in Chromium

Cleanup

• remove user agent from BraveCoreMain initializer
• fix unit tests
• fixme's
• optimize patches/overrides
• layering violation fixes
• gn check pass
• presubmit pass
• document what's accessible from CWVWebView

New Feature Support

• Autofill Passwords
• Autofill Credit Cards
• Autofill Addresses

Security Checklist

TBD

[kylehickinson]

This needs to be redefined for cwv_exports.h to properly export the symbols since we're copying public headers as-is

[kylehickinson]

This is done by chromium already https://source.chromium.org/chromium/chromium/src/+/main:ios/web/web_state/ui/crw_wk_ui_handler.mm;l=124

[bridiver]

this AffiliationService seems concerning in general, I asked @ShivanKaul and @pes10k about it because it looks like something we might want to just replace with a no-op implemenation

[kylehickinson]

Right now I don't compile any of the actual affiliation services (I just dont include them in the //brave/ios/web_view target) which is why this implementation is patched out and would return nil always. We'd likely go the route of compiling //ios/web_view as is though before landing this and no-op them with chromium_src overrides

[bridiver]

it looks like this is something to do with credential sharing with apps, but we already disable it by disabling the fetch

[bridiver]

What was the reason this was commented out?

[kylehickinson]

Its commented out because we dont compile the necessary files for it atm (just //ios/web_view/internal/affiliations/web_view_affiliation_service_factory.h/mm at this point)

[bridiver]

This looks a layering violation because I don't think ios/web_view is supposed to access ios/chrome/browser, but I'm a bit confused about why it has a separate ApplicationContext

[kylehickinson]

Discussed in DM but will reiterate here anyways: ios/web_view basically has a whole "app" setup (custom ApplicationContext, custom WebClient, custom factories) because its completely independent from //ios/chrome. This isn't really helpful for us though because we already have the Chrome app setup in place, so we basically have to replace all of ios/web_views implementations with the Chrome ones. This may need better overrides to avoid layering violations though

[bridiver]

why are we adding these here instead of using web_view_sources, etc...?

[kylehickinson]

It was originally to control what was compiled, the hope is to be able to eventually just use //ios/web_view:web_view_sources directly as more chromium_src overrides + patches are added

[bridiver]

is this different from ios_web_view_public_headers in ios/web_view/BUILD.gn? If so it would be better to use +=/-= instead of duplicating

[kylehickinson]

The parts under our own 1 extra public header aren't different but since the original list is defined in a GN file and not GNI I couldn't access them to add into our framework so for now it was duped. If its possible to get to let me know!