Change FP inheritance #378
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Nov 9, 2020
This change implements the algorithmic changes for a recent change to the Feature/Permissions policy spec: w3c/webappsec-permissions-policy#378 With this change, the Feature-Policy or Permissions-Policy headers by themselves cannot be used to delegate powerful features to cross-origin iframes; the allow attribute must be used as well. To allow this to still be ergonomic, the default value for the header for powerful features is effectively '*', so that delegation is allowed by the header implicitly. The header can now be used effectively to completely block access to a feature, as any origins not present in the header allowlist cannot be granted the feature through the allow attribute. This also removes some code which previously only existed to track the cases where this change would affect the output of an IsFeatureEnabled call. Several tests will have been modified or rewritten prior to landing this change; this CL depends on the following (though they are all independent, so they are not chained together): - https://crrev.com/c/2424633 - https://crrev.com/c/2424634 - https://crrev.com/c/2424635 - https://crrev.com/c/2424654 - https://crrev.com/c/2424655 - https://crrev.com/c/2424657 - https://crrev.com/c/2425003 - https://crrev.com/c/2425004 (See Patchset 8 for a version with the changes from all of those CLs included.) This CL, while large, can best be understood as the union of the following changes: - Algorithm changes, including the removal of previous "what-if" code and metrics: feature_policy.cc feature_policy.h execution_context.cc - Unit tests to cover those changes: feature_policy_unittest.cc render_frame_host_feature_policy_unittest.cc - Update WPT test expectations to account for the change in behaviour when only the header is used: 3p/b/web_tests/external/wpt/feature-policy/feature-policy-* 3p/b/web_tests/external/wpt/permissions-policy/permissions-policy-* - Update Blink web tests for fullscreen and payment request to validate that both are now working correctly with the new header semantics: 3p/b/web_tests/http/tests/feature-policy/fullscreen* 3p/b/web_tests/http/tests/feature-policy/payment* - Update Blink web tests for the iframe policy JS interface because of new test expectations when features are allowed/disallowed by header: 3p/b/renderer/core/feature_policy/policy_test.cc 3p/b/web_tests/http/tests/feature-policy/policy_iframes.php Bug: 1095641 Change-Id: Iecbb0950c27a4565998ee5192590d6691a03b4a3
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Nov 10, 2020
This change implements the algorithmic changes for a recent change to the Feature/Permissions policy spec: w3c/webappsec-permissions-policy#378 With this change, the Feature-Policy or Permissions-Policy headers by themselves cannot be used to delegate powerful features to cross-origin iframes; the allow attribute must be used as well. To allow this to still be ergonomic, the default value for the header for powerful features is effectively '*', so that delegation is allowed by the header implicitly. The header can now be used effectively to completely block access to a feature, as any origins not present in the header allowlist cannot be granted the feature through the allow attribute. This also removes some code which previously only existed to track the cases where this change would affect the output of an IsFeatureEnabled call. Several tests will have been modified or rewritten prior to landing this change; this CL depends on the following (though they are all independent, so they are not chained together): - https://crrev.com/c/2424633 - https://crrev.com/c/2424634 - https://crrev.com/c/2424635 - https://crrev.com/c/2424654 - https://crrev.com/c/2424655 - https://crrev.com/c/2424657 - https://crrev.com/c/2425003 - https://crrev.com/c/2425004 (See Patchset 8 for a version with the changes from all of those CLs included.) This CL, while large, can best be understood as the union of the following changes: - Algorithm changes, including the removal of previous "what-if" code and metrics: feature_policy.cc feature_policy.h execution_context.cc - Unit tests to cover those changes: feature_policy_unittest.cc render_frame_host_feature_policy_unittest.cc - Update WPT test expectations to account for the change in behaviour when only the header is used: 3p/b/web_tests/external/wpt/feature-policy/feature-policy-* 3p/b/web_tests/external/wpt/permissions-policy/permissions-policy-* - Update Blink web tests for fullscreen and payment request to validate that both are now working correctly with the new header semantics: 3p/b/web_tests/http/tests/feature-policy/fullscreen* 3p/b/web_tests/http/tests/feature-policy/payment* - Update Blink web tests for the iframe policy JS interface because of new test expectations when features are allowed/disallowed by header: 3p/b/renderer/core/feature_policy/policy_test.cc 3p/b/web_tests/http/tests/feature-policy/policy_iframes.php Bug: 1095641 Change-Id: Iecbb0950c27a4565998ee5192590d6691a03b4a3
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Nov 11, 2020
This change implements the algorithmic changes for a recent change to the Feature/Permissions policy spec: w3c/webappsec-permissions-policy#378 With this change, the Feature-Policy or Permissions-Policy headers by themselves cannot be used to delegate powerful features to cross-origin iframes; the allow attribute must be used as well. To allow this to still be ergonomic, the default value for the header for powerful features is effectively '*', so that delegation is allowed by the header implicitly. The header can now be used effectively to completely block access to a feature, as any origins not present in the header allowlist cannot be granted the feature through the allow attribute. This also removes some code which previously only existed to track the cases where this change would affect the output of an IsFeatureEnabled call. Several tests will have been modified or rewritten prior to landing this change; this CL depends on the following (though they are all independent, so they are not chained together): - https://crrev.com/c/2424633 - https://crrev.com/c/2424634 - https://crrev.com/c/2424635 - https://crrev.com/c/2424654 - https://crrev.com/c/2424655 - https://crrev.com/c/2424657 - https://crrev.com/c/2425003 - https://crrev.com/c/2425004 (See Patchset 8 for a version with the changes from all of those CLs included.) This CL, while large, can best be understood as the union of the following changes: - Algorithm changes, including the removal of previous "what-if" code and metrics: feature_policy.cc feature_policy.h execution_context.cc - Unit tests to cover those changes: feature_policy_unittest.cc render_frame_host_feature_policy_unittest.cc - Update WPT test expectations to account for the change in behaviour when only the header is used: 3p/b/web_tests/external/wpt/feature-policy/feature-policy-* 3p/b/web_tests/external/wpt/permissions-policy/permissions-policy-* - Update Blink web tests for fullscreen and payment request to validate that both are now working correctly with the new header semantics: 3p/b/web_tests/http/tests/feature-policy/fullscreen* 3p/b/web_tests/http/tests/feature-policy/payment* - Update Blink web tests for the iframe policy JS interface because of new test expectations when features are allowed/disallowed by header: 3p/b/renderer/core/feature_policy/policy_test.cc 3p/b/web_tests/http/tests/feature-policy/policy_iframes.php Bug: 1095641, 937131 Change-Id: Iecbb0950c27a4565998ee5192590d6691a03b4a3
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Nov 11, 2020
This change implements the algorithmic changes for a recent change to the Feature/Permissions policy spec: w3c/webappsec-permissions-policy#378 With this change, the Feature-Policy or Permissions-Policy headers by themselves cannot be used to delegate powerful features to cross-origin iframes; the allow attribute must be used as well. To allow this to still be ergonomic, the default value for the header for powerful features is effectively '*', so that delegation is allowed by the header implicitly. The header can now be used effectively to completely block access to a feature, as any origins not present in the header allowlist cannot be granted the feature through the allow attribute. This also removes some code which previously only existed to track the cases where this change would affect the output of an IsFeatureEnabled call. Several tests will have been modified or rewritten prior to landing this change; this CL depends on the following (though they are all independent, so they are not chained together): - https://crrev.com/c/2424633 - https://crrev.com/c/2424634 - https://crrev.com/c/2424635 - https://crrev.com/c/2424654 - https://crrev.com/c/2424655 - https://crrev.com/c/2424657 - https://crrev.com/c/2425003 - https://crrev.com/c/2425004 (See Patchset 8 for a version with the changes from all of those CLs included.) This CL, while large, can best be understood as the union of the following changes: - Algorithm changes, including the removal of previous "what-if" code and metrics: feature_policy.cc feature_policy.h execution_context.cc - Unit tests to cover those changes: feature_policy_unittest.cc render_frame_host_feature_policy_unittest.cc - Update WPT test expectations to account for the change in behaviour when only the header is used: 3p/b/web_tests/external/wpt/feature-policy/feature-policy-* 3p/b/web_tests/external/wpt/permissions-policy/permissions-policy-* - Update Blink web tests for fullscreen and payment request to validate that both are now working correctly with the new header semantics: 3p/b/web_tests/http/tests/feature-policy/fullscreen* 3p/b/web_tests/http/tests/feature-policy/payment* - Update Blink web tests for the iframe policy JS interface because of new test expectations when features are allowed/disallowed by header: 3p/b/renderer/core/feature_policy/policy_test.cc 3p/b/web_tests/http/tests/feature-policy/policy_iframes.php Bug: 1095641, 937131 Change-Id: Iecbb0950c27a4565998ee5192590d6691a03b4a3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2363169 Reviewed-by: Yoav Weiss <[email protected]> Reviewed-by: Charlie Hu <[email protected]> Reviewed-by: Ken Buchanan <[email protected]> Commit-Queue: Ian Clelland <[email protected]> Cr-Commit-Position: refs/heads/master@{#826408}
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Nov 11, 2020
This change implements the algorithmic changes for a recent change to the Feature/Permissions policy spec: w3c/webappsec-permissions-policy#378 With this change, the Feature-Policy or Permissions-Policy headers by themselves cannot be used to delegate powerful features to cross-origin iframes; the allow attribute must be used as well. To allow this to still be ergonomic, the default value for the header for powerful features is effectively '*', so that delegation is allowed by the header implicitly. The header can now be used effectively to completely block access to a feature, as any origins not present in the header allowlist cannot be granted the feature through the allow attribute. This also removes some code which previously only existed to track the cases where this change would affect the output of an IsFeatureEnabled call. Several tests will have been modified or rewritten prior to landing this change; this CL depends on the following (though they are all independent, so they are not chained together): - https://crrev.com/c/2424633 - https://crrev.com/c/2424634 - https://crrev.com/c/2424635 - https://crrev.com/c/2424654 - https://crrev.com/c/2424655 - https://crrev.com/c/2424657 - https://crrev.com/c/2425003 - https://crrev.com/c/2425004 (See Patchset 8 for a version with the changes from all of those CLs included.) This CL, while large, can best be understood as the union of the following changes: - Algorithm changes, including the removal of previous "what-if" code and metrics: feature_policy.cc feature_policy.h execution_context.cc - Unit tests to cover those changes: feature_policy_unittest.cc render_frame_host_feature_policy_unittest.cc - Update WPT test expectations to account for the change in behaviour when only the header is used: 3p/b/web_tests/external/wpt/feature-policy/feature-policy-* 3p/b/web_tests/external/wpt/permissions-policy/permissions-policy-* - Update Blink web tests for fullscreen and payment request to validate that both are now working correctly with the new header semantics: 3p/b/web_tests/http/tests/feature-policy/fullscreen* 3p/b/web_tests/http/tests/feature-policy/payment* - Update Blink web tests for the iframe policy JS interface because of new test expectations when features are allowed/disallowed by header: 3p/b/renderer/core/feature_policy/policy_test.cc 3p/b/web_tests/http/tests/feature-policy/policy_iframes.php Bug: 1095641, 937131 Change-Id: Iecbb0950c27a4565998ee5192590d6691a03b4a3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2363169 Reviewed-by: Yoav Weiss <[email protected]> Reviewed-by: Charlie Hu <[email protected]> Reviewed-by: Ken Buchanan <[email protected]> Commit-Queue: Ian Clelland <[email protected]> Cr-Commit-Position: refs/heads/master@{#826408}
pull bot
pushed a commit
to Mu-L/chromium
that referenced
this pull request
Nov 12, 2020
This change implements the algorithmic changes for a recent change to the Feature/Permissions policy spec: w3c/webappsec-permissions-policy#378 With this change, the Feature-Policy or Permissions-Policy headers by themselves cannot be used to delegate powerful features to cross-origin iframes; the allow attribute must be used as well. To allow this to still be ergonomic, the default value for the header for powerful features is effectively '*', so that delegation is allowed by the header implicitly. The header can now be used effectively to completely block access to a feature, as any origins not present in the header allowlist cannot be granted the feature through the allow attribute. This also removes some code which previously only existed to track the cases where this change would affect the output of an IsFeatureEnabled call. Several tests will have been modified or rewritten prior to landing this change; this CL depends on the following (though they are all independent, so they are not chained together): - https://crrev.com/c/2424633 - https://crrev.com/c/2424634 - https://crrev.com/c/2424635 - https://crrev.com/c/2424654 - https://crrev.com/c/2424655 - https://crrev.com/c/2424657 - https://crrev.com/c/2425003 - https://crrev.com/c/2425004 (See Patchset 8 for a version with the changes from all of those CLs included.) This CL, while large, can best be understood as the union of the following changes: - Algorithm changes, including the removal of previous "what-if" code and metrics: feature_policy.cc feature_policy.h execution_context.cc - Unit tests to cover those changes: feature_policy_unittest.cc render_frame_host_feature_policy_unittest.cc - Update WPT test expectations to account for the change in behaviour when only the header is used: 3p/b/web_tests/external/wpt/feature-policy/feature-policy-* 3p/b/web_tests/external/wpt/permissions-policy/permissions-policy-* - Update Blink web tests for fullscreen and payment request to validate that both are now working correctly with the new header semantics: 3p/b/web_tests/http/tests/feature-policy/fullscreen* 3p/b/web_tests/http/tests/feature-policy/payment* - Update Blink web tests for the iframe policy JS interface because of new test expectations when features are allowed/disallowed by header: 3p/b/renderer/core/feature_policy/policy_test.cc 3p/b/web_tests/http/tests/feature-policy/policy_iframes.php Bug: 1095641, 937131 Change-Id: Iecbb0950c27a4565998ee5192590d6691a03b4a3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2363169 Reviewed-by: Yoav Weiss <[email protected]> Reviewed-by: Charlie Hu <[email protected]> Reviewed-by: Ken Buchanan <[email protected]> Commit-Queue: Ian Clelland <[email protected]> Cr-Commit-Position: refs/heads/master@{#826408}
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Nov 13, 2020
…a=testonly Automatic update from web-platform-tests Change Feature-Policy header semantics This change implements the algorithmic changes for a recent change to the Feature/Permissions policy spec: w3c/webappsec-permissions-policy#378 With this change, the Feature-Policy or Permissions-Policy headers by themselves cannot be used to delegate powerful features to cross-origin iframes; the allow attribute must be used as well. To allow this to still be ergonomic, the default value for the header for powerful features is effectively '*', so that delegation is allowed by the header implicitly. The header can now be used effectively to completely block access to a feature, as any origins not present in the header allowlist cannot be granted the feature through the allow attribute. This also removes some code which previously only existed to track the cases where this change would affect the output of an IsFeatureEnabled call. Several tests will have been modified or rewritten prior to landing this change; this CL depends on the following (though they are all independent, so they are not chained together): - https://crrev.com/c/2424633 - https://crrev.com/c/2424634 - https://crrev.com/c/2424635 - https://crrev.com/c/2424654 - https://crrev.com/c/2424655 - https://crrev.com/c/2424657 - https://crrev.com/c/2425003 - https://crrev.com/c/2425004 (See Patchset 8 for a version with the changes from all of those CLs included.) This CL, while large, can best be understood as the union of the following changes: - Algorithm changes, including the removal of previous "what-if" code and metrics: feature_policy.cc feature_policy.h execution_context.cc - Unit tests to cover those changes: feature_policy_unittest.cc render_frame_host_feature_policy_unittest.cc - Update WPT test expectations to account for the change in behaviour when only the header is used: 3p/b/web_tests/external/wpt/feature-policy/feature-policy-* 3p/b/web_tests/external/wpt/permissions-policy/permissions-policy-* - Update Blink web tests for fullscreen and payment request to validate that both are now working correctly with the new header semantics: 3p/b/web_tests/http/tests/feature-policy/fullscreen* 3p/b/web_tests/http/tests/feature-policy/payment* - Update Blink web tests for the iframe policy JS interface because of new test expectations when features are allowed/disallowed by header: 3p/b/renderer/core/feature_policy/policy_test.cc 3p/b/web_tests/http/tests/feature-policy/policy_iframes.php Bug: 1095641, 937131 Change-Id: Iecbb0950c27a4565998ee5192590d6691a03b4a3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2363169 Reviewed-by: Yoav Weiss <[email protected]> Reviewed-by: Charlie Hu <[email protected]> Reviewed-by: Ken Buchanan <[email protected]> Commit-Queue: Ian Clelland <[email protected]> Cr-Commit-Position: refs/heads/master@{#826408} -- wpt-commits: 19f0e5b428566278daf7902c469a540cf1353ea5 wpt-pr: 26459
aosmond
pushed a commit
to aosmond/gecko
that referenced
this pull request
Nov 15, 2020
…a=testonly Automatic update from web-platform-tests Change Feature-Policy header semantics This change implements the algorithmic changes for a recent change to the Feature/Permissions policy spec: w3c/webappsec-permissions-policy#378 With this change, the Feature-Policy or Permissions-Policy headers by themselves cannot be used to delegate powerful features to cross-origin iframes; the allow attribute must be used as well. To allow this to still be ergonomic, the default value for the header for powerful features is effectively '*', so that delegation is allowed by the header implicitly. The header can now be used effectively to completely block access to a feature, as any origins not present in the header allowlist cannot be granted the feature through the allow attribute. This also removes some code which previously only existed to track the cases where this change would affect the output of an IsFeatureEnabled call. Several tests will have been modified or rewritten prior to landing this change; this CL depends on the following (though they are all independent, so they are not chained together): - https://crrev.com/c/2424633 - https://crrev.com/c/2424634 - https://crrev.com/c/2424635 - https://crrev.com/c/2424654 - https://crrev.com/c/2424655 - https://crrev.com/c/2424657 - https://crrev.com/c/2425003 - https://crrev.com/c/2425004 (See Patchset 8 for a version with the changes from all of those CLs included.) This CL, while large, can best be understood as the union of the following changes: - Algorithm changes, including the removal of previous "what-if" code and metrics: feature_policy.cc feature_policy.h execution_context.cc - Unit tests to cover those changes: feature_policy_unittest.cc render_frame_host_feature_policy_unittest.cc - Update WPT test expectations to account for the change in behaviour when only the header is used: 3p/b/web_tests/external/wpt/feature-policy/feature-policy-* 3p/b/web_tests/external/wpt/permissions-policy/permissions-policy-* - Update Blink web tests for fullscreen and payment request to validate that both are now working correctly with the new header semantics: 3p/b/web_tests/http/tests/feature-policy/fullscreen* 3p/b/web_tests/http/tests/feature-policy/payment* - Update Blink web tests for the iframe policy JS interface because of new test expectations when features are allowed/disallowed by header: 3p/b/renderer/core/feature_policy/policy_test.cc 3p/b/web_tests/http/tests/feature-policy/policy_iframes.php Bug: 1095641, 937131 Change-Id: Iecbb0950c27a4565998ee5192590d6691a03b4a3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2363169 Reviewed-by: Yoav Weiss <[email protected]> Reviewed-by: Charlie Hu <[email protected]> Reviewed-by: Ken Buchanan <[email protected]> Commit-Queue: Ian Clelland <[email protected]> Cr-Commit-Position: refs/heads/master@{#826408} -- wpt-commits: 19f0e5b428566278daf7902c469a540cf1353ea5 wpt-pr: 26459
qtprojectorg
pushed a commit
to qt/qtwebengine-chromium
that referenced
this pull request
Feb 16, 2021
Partial cherry-pick (skipping tests) of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/2363169: Change Feature-Policy header semantics This change implements the algorithmic changes for a recent change to the Feature/Permissions policy spec: w3c/webappsec-permissions-policy#378 With this change, the Feature-Policy or Permissions-Policy headers by themselves cannot be used to delegate powerful features to cross-origin iframes; the allow attribute must be used as well. To allow this to still be ergonomic, the default value for the header for powerful features is effectively '*', so that delegation is allowed by the header implicitly. The header can now be used effectively to completely block access to a feature, as any origins not present in the header allowlist cannot be granted the feature through the allow attribute. This also removes some code which previously only existed to track the cases where this change would affect the output of an IsFeatureEnabled call. Several tests will have been modified or rewritten prior to landing this change; this CL depends on the following (though they are all independent, so they are not chained together): - https://crrev.com/c/2424633 - https://crrev.com/c/2424634 - https://crrev.com/c/2424635 - https://crrev.com/c/2424654 - https://crrev.com/c/2424655 - https://crrev.com/c/2424657 - https://crrev.com/c/2425003 - https://crrev.com/c/2425004 (See Patchset 8 for a version with the changes from all of those CLs included.) This CL, while large, can best be understood as the union of the following changes: - Algorithm changes, including the removal of previous "what-if" code and metrics: feature_policy.cc feature_policy.h execution_context.cc - Unit tests to cover those changes: feature_policy_unittest.cc render_frame_host_feature_policy_unittest.cc - Update WPT test expectations to account for the change in behaviour when only the header is used: 3p/b/web_tests/external/wpt/feature-policy/feature-policy-* 3p/b/web_tests/external/wpt/permissions-policy/permissions-policy-* - Update Blink web tests for fullscreen and payment request to validate that both are now working correctly with the new header semantics: 3p/b/web_tests/http/tests/feature-policy/fullscreen* 3p/b/web_tests/http/tests/feature-policy/payment* - Update Blink web tests for the iframe policy JS interface because of new test expectations when features are allowed/disallowed by header: 3p/b/renderer/core/feature_policy/policy_test.cc 3p/b/web_tests/http/tests/feature-policy/policy_iframes.php Bug: 1095641, 937131 Change-Id: Iecbb0950c27a4565998ee5192590d6691a03b4a3 Reviewed-by: Yoav Weiss <[email protected]> Reviewed-by: Charlie Hu <[email protected]> Reviewed-by: Ken Buchanan <[email protected]> Commit-Queue: Ian Clelland <[email protected]> Cr-Commit-Position: refs/heads/master@{#826408} Reviewed-by: Allan Sandfeld Jensen <[email protected]>
mjfroman
pushed a commit
to mjfroman/moz-libwebrtc-third-party
that referenced
this pull request
Oct 14, 2022
This change implements the algorithmic changes for a recent change to the Feature/Permissions policy spec: w3c/webappsec-permissions-policy#378 With this change, the Feature-Policy or Permissions-Policy headers by themselves cannot be used to delegate powerful features to cross-origin iframes; the allow attribute must be used as well. To allow this to still be ergonomic, the default value for the header for powerful features is effectively '*', so that delegation is allowed by the header implicitly. The header can now be used effectively to completely block access to a feature, as any origins not present in the header allowlist cannot be granted the feature through the allow attribute. This also removes some code which previously only existed to track the cases where this change would affect the output of an IsFeatureEnabled call. Several tests will have been modified or rewritten prior to landing this change; this CL depends on the following (though they are all independent, so they are not chained together): - https://crrev.com/c/2424633 - https://crrev.com/c/2424634 - https://crrev.com/c/2424635 - https://crrev.com/c/2424654 - https://crrev.com/c/2424655 - https://crrev.com/c/2424657 - https://crrev.com/c/2425003 - https://crrev.com/c/2425004 (See Patchset 8 for a version with the changes from all of those CLs included.) This CL, while large, can best be understood as the union of the following changes: - Algorithm changes, including the removal of previous "what-if" code and metrics: feature_policy.cc feature_policy.h execution_context.cc - Unit tests to cover those changes: feature_policy_unittest.cc render_frame_host_feature_policy_unittest.cc - Update WPT test expectations to account for the change in behaviour when only the header is used: 3p/b/web_tests/external/wpt/feature-policy/feature-policy-* 3p/b/web_tests/external/wpt/permissions-policy/permissions-policy-* - Update Blink web tests for fullscreen and payment request to validate that both are now working correctly with the new header semantics: 3p/b/web_tests/http/tests/feature-policy/fullscreen* 3p/b/web_tests/http/tests/feature-policy/payment* - Update Blink web tests for the iframe policy JS interface because of new test expectations when features are allowed/disallowed by header: 3p/b/renderer/core/feature_policy/policy_test.cc 3p/b/web_tests/http/tests/feature-policy/policy_iframes.php Bug: 1095641, 937131 Change-Id: Iecbb0950c27a4565998ee5192590d6691a03b4a3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2363169 Reviewed-by: Yoav Weiss <[email protected]> Reviewed-by: Charlie Hu <[email protected]> Reviewed-by: Ken Buchanan <[email protected]> Commit-Queue: Ian Clelland <[email protected]> Cr-Commit-Position: refs/heads/master@{#826408} GitOrigin-RevId: d5a2e2f0c728e4a0adc5d3193421900495ef0820
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This modifies the calculation of the inherited policy to allow the Feature-Policy header to completely block origins from being able to use features, even when the iframe's container policy is used to delegate them.
The unused
'none'default allowlist is removed, as the new algorithms would not allow it to ever work, and examples which no longer apply after this change are either removed or updated.Closes: #357