[webkit-changes] [WebKit/WebKit] 4be71d: REGRESSION(262616 at main): wpt/permissions-policy/pa...

Chris Dumez noreply at github.com
Thu Jun 29 19:21:49 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 4be71d55e77b3a3c6216e19dc23db4504ad93bbc
      https://github.com/WebKit/WebKit/commit/4be71d55e77b3a3c6216e19dc23db4504ad93bbc
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-06-29 (Thu, 29 Jun 2023)

  Changed paths:
    A LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub.html
    A LayoutTests/imported/w3c/web-platform-tests/permissions-policy/resources/permissions-policy-payment.html
    M LayoutTests/imported/w3c/web-platform-tests/permissions-policy/resources/permissions-policy.js
    A LayoutTests/imported/w3c/web-platform-tests/permissions/resources/redirect-on-load.html
    M LayoutTests/imported/w3c/web-platform-tests/screen-wake-lock/wakelock-enabled-by-feature-policy-attribute-redirect-on-load.https.sub-expected.txt
    M LayoutTests/platform/glib/TestExpectations
    A LayoutTests/platform/glib/imported/w3c/web-platform-tests/screen-wake-lock/wakelock-enabled-by-feature-policy-attribute-redirect-on-load.https.sub-expected.txt
    M LayoutTests/platform/mac-wk1/TestExpectations
    M Source/WebCore/html/FeaturePolicy.cpp

  Log Message:
  -----------
  REGRESSION(262616 at main): wpt/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub.html
https://bugs.webkit.org/show_bug.cgi?id=258217
rdar://110907826

Reviewed by Ryosuke Niwa.

According to the specification [1]:
```
The allowlist for the features named in the attribute may be empty; in that
case, the default value for the allowlist is 'src', which represents the origin
of the URL in the iframe’s src attribute.
```

However, in FeaturePolicy's updateList(), we would set the AllowRule's type
to Type::All, which would be equivalent to having an allowlist of '*'.

To address the issue, we now get the iframe's src URL and compute its origin,
we then add this origin to the allowed list of origins. This implements
allowlist 'src' behavior.

[1] https://www.w3.org/TR/permissions-policy/#iframe-allow-attribute

* LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/permissions-policy/resources/permissions-policy-payment.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/permissions-policy/resources/permissions-policy.js:
(expectFeatureAvailable):
(test_feature_availability):
(test_feature_availability_with_post_message_result):
(run_all_fp_tests_allow_self):
* LayoutTests/imported/w3c/web-platform-tests/permissions/resources/redirect-on-load.html: Added.
Import WPT test coverage.

* Source/WebCore/html/FeaturePolicy.cpp:
(WebCore::updateList):
(WebCore::FeaturePolicy::parse):

Canonical link: https://commits.webkit.org/265641@main

More information about the webkit-changes mailing list