LGTM1
On 1/27/25 6:27 PM, 'Jun Kokatsu' via blink-dev wrote:
On Sunday, January 26, 2025 at 6:45:39 PM UTC-8 Domenic Denicola wrote:
On Friday, January 17, 2025 at 7:42:03 AM UTC+9 Jun Kokatsu wrote:
Contact emailsjkok...@google.com
Specificationhttps://github.com/w3c/webappsec-permissions-policy/pull/546
<https://github.com/w3c/webappsec-permissions-policy/pull/546>
Summary
Introduces a new violation type called "Potential Permissions
Policy violation", which will only look at Permissions Policy
(including report-only policy) and the allow attribute set in
iframes to detect the conflict between Permissions Policy
enforced vs permissions propagated to iframes.
Motivation
Permissions Policy violation reports for cross-origin iframes
are only sent to the iframe's reporting endpoint and not to
the embedder's reporting endpoint, because of the concern that
it might leak sensitive information about a cross-origin
iframe. However, this makes it difficult for sites to enforce
Permissions Policy because it can't learn about breakages in
cross-origin iframes. This feature introduces a new violation
type called "Potential Permissions Policy violation", which
will only look at existing Permissions Policy (including
report-only policy) and the allow attribute set in iframes to
detect the conflict between Permissions Policy enforced vs
permissions being propagated to iframes. Since both
Permissions Policy and allow attributes are set by the
embedder, this feature does not leak any new information to
the embedder. However, potential Permissions Policy violations
will be sent when an iframe is loaded, and not when the iframe
uses the prohibited feature, which is different from the
normal Permissions Policy violations which fires upon a
feature usage (hence the name "potential").
Blink componentBlink>PermissionsPolicy
<https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EPermissionsPolicy%22>
TAG reviewNone
TAG review statusNot applicable
Can you say more why you believe TAG review is not applicable for
this feature? I cannot figure out which exception, if any, it
falls under from this list
<https://www.chromium.org/blink/launching-features/wide-review/#exceptions>.
Sorry, I think I missed this step. I will submit for a TAG review, and
come back to this thread once the TAG review is approved.
FWIW, I don't think we should block on TAG review resolution - but it's
useful to file an issue, in case someone is keeping track of APIs that
do reporting, or have report-only modes.
Risks
Interoperability and Compatibility
None
/Gecko/: No signal
<https://github.com/mozilla/standards-positions/issues/1164>
/WebKit/: No signal
<https://github.com/WebKit/standards-positions/issues/448>
/Web developers/: No signals
Why are we proposing to ship this, if it is not interesting to any
web developers, and has support from no other browsers?
We'd like to mitigate Permission Delegation of powerful permissions to
unintentional sites (e.g. HTML injection in Bing resulted in camera
access in Edge
<https://speakerdeck.com/shhnjk/piloting-edge-copilot?slide=27>) in
Google applications.
So we do have internal developer support. But I'm not sure if there is
external developer support.
/Other signals/:
Security
Potential Permissions Policy violation reports should not
include any new information about cross-origin iframes
WebView application risks
Does this intent deprecate or change behavior of existing
APIs, such that it has potentially high risk for Android
WebView-based applications?
None
Debuggability
None
Will this feature be supported on all six Blink platforms
(Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?No
Which platform will it not be supported on?
This had to be Yes. I've fixed it in Chrome status.
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?https://github.com/web-platform-tests/wpt/pull/49978
<https://github.com/web-platform-tests/wpt/pull/49978>
Flag name on about://flagsNone
Finch feature namePotentialPermissionsPolicyReporting
Requires code in //chrome?False
Tracking bughttps://issues.chromium.org/issues/40941424
<https://issues.chromium.org/issues/40941424>
Estimated milestonesShipping on desktop134
Anticipated spec changes
Open questions about a feature may be a source of future web
compat or interop issues. Please list open issues (e.g. links
to known github issues in the project for the feature
specification) whose resolution may introduce web
compat/interop risk (e.g., changing to naming or structure of
the API in a non-backward-compatible way).
None
Link to entry on the Chrome Platform
Statushttps://chromestatus.com/feature/5154241037205504?gate=5069369228656640
<https://chromestatus.com/feature/5154241037205504?gate=5069369228656640>
This intent message was generated by Chrome Platform Status
<https://chromestatus.com/>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/453d70c8-b1b4-4607-8a76-ff564f00b231n%40chromium.org
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/453d70c8-b1b4-4607-8a76-ff564f00b231n%40chromium.org?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/ed6a9c9e-7e9a-4e63-9d14-b13c4c9d7425%40chromium.org.
