Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow some fenced frames to inherit permissions #140

Merged
merged 10 commits into from
Dec 11, 2024
Merged

Allow some fenced frames to inherit permissions #140

merged 10 commits into from
Dec 11, 2024

Conversation

blu25
Copy link
Collaborator

@blu25 blu25 commented Jan 22, 2024
edited by pr-preview bot
Loading

See the "Permissions Changes" section of this document for details.

Fenced frames with unpartitioned data access need to be able to allow certain permissions policy-backed features (mainly Shared Storage) in order to function properly. This PR accomplishes that by allowing these fenced frames to inherit permissions policies the way that iframes do, but only allows a select list of permissions policies to be enabled. More specifically, this PR:

  • Introduces the concept of a "fixed permissions policy" and "flexible permissions policy" in a FencedFrameConfig.
  • Removes Derive a permissions policy directly from a fenced frame config instance in favor of a new Create a permissions policy for a fenced navigable algorithm, which handles both "fixed" and "flexible" permissions policies being created in a fenced frame.
  • Renames the fenced parameter used when checking if navigation to a fenced frame should be blocked by permissions policy to matches all. This is done to avoid confusion with the Create a permissions policy for a fenced navigable algorithm and to make it clear that the boolean specifically affects whether a permission will be inherited in the ultimately created permissions policy if the allowlist matches itself or just matches the wildcard *.

Preview | Diff

@blu25 blu25 marked this pull request as ready for review January 22, 2024 18:12
@blu25 blu25 requested a review from domfarolino April 12, 2024 17:50
domfarolino
domfarolino reviewed May 8, 2024
View reviewed changes
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
@domfarolino
Copy link
Collaborator

I took another look at this after finding it my inbox. Feel free to resolve conflicts and formally re-request my review (so it appears in my dashboard) and I'll take another look at this PR.

@blu25 blu25 requested a review from domfarolino September 30, 2024 17:51
@blu25 blu25 self-assigned this Oct 17, 2024
domfarolino
domfarolino reviewed Nov 29, 2024
View reviewed changes
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
@blu25 blu25 requested a review from domfarolino December 6, 2024 23:18
domfarolino
domfarolino reviewed Dec 8, 2024
View reviewed changes
Copy link
Collaborator

@domfarolino domfarolino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we're just about there.

spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
@blu25 blu25 requested a review from domfarolino December 11, 2024 19:26
domfarolino
domfarolino approved these changes Dec 11, 2024
View reviewed changes
Copy link
Collaborator

@domfarolino domfarolino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@domfarolino domfarolino merged commit e6288c1 into master Dec 11, 2024
2 checks passed
@domfarolino domfarolino deleted the liam-permissions-inheritance branch December 11, 2024 20:41
github-actions bot added a commit that referenced this pull request Dec 11, 2024
@blu25 @github-actions
Introduce "flexible" permissions policy behavior for script-construct…
6fac5ef 
…ed `FencedFrameConfig`s (#140)

SHA: e6288c1
Reason: push, by domfarolino

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@domfarolino domfarolino domfarolino approved these changes

Assignees

@blu25 blu25

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@blu25 @domfarolino