LGTM3 On Wed, Jan 29, 2025 at 7:53 AM Vladimir Levin <vmp...@chromium.org> wrote:
> LGTM2. I think this is a useful improvement over permission policy > violation reporting > > On Tuesday, January 28, 2025 at 10:15:57 AM UTC-5 Mike Taylor wrote: > >> LGTM1 >> On 1/27/25 6:27 PM, 'Jun Kokatsu' via blink-dev wrote: >> >> On Sunday, January 26, 2025 at 6:45:39 PM UTC-8 Domenic Denicola wrote: >> >> >> >> On Friday, January 17, 2025 at 7:42:03 AM UTC+9 Jun Kokatsu wrote: >> >> Contact emailsjkok...@google.com >> >> Specificationhttps://github.com/w3c/webappsec-permissions-policy/pull/546 >> >> >> >> Summary >> >> Introduces a new violation type called "Potential Permissions Policy >> violation", which will only look at Permissions Policy (including >> report-only policy) and the allow attribute set in iframes to detect the >> conflict between Permissions Policy enforced vs permissions propagated to >> iframes. >> >> Motivation >> Permissions Policy violation reports for cross-origin iframes are only >> sent to the iframe's reporting endpoint and not to the embedder's reporting >> endpoint, because of the concern that it might leak sensitive information >> about a cross-origin iframe. However, this makes it difficult for sites to >> enforce Permissions Policy because it can't learn about breakages in >> cross-origin iframes. This feature introduces a new violation type called >> "Potential Permissions Policy violation", which will only look at existing >> Permissions Policy (including report-only policy) and the allow attribute >> set in iframes to detect the conflict between Permissions Policy enforced >> vs permissions being propagated to iframes. Since both Permissions Policy >> and allow attributes are set by the embedder, this feature does not leak >> any new information to the embedder. However, potential Permissions Policy >> violations will be sent when an iframe is loaded, and not when the iframe >> uses the prohibited feature, which is different from the normal Permissions >> Policy violations which fires upon a feature usage (hence the name >> "potential"). >> >> Blink componentBlink>PermissionsPolicy >> <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EPermissionsPolicy%22> >> >> TAG reviewNone >> >> TAG review statusNot applicable >> >> >> Can you say more why you believe TAG review is not applicable for this >> feature? I cannot figure out which exception, if any, it falls under from >> this >> list >> <https://www.chromium.org/blink/launching-features/wide-review/#exceptions> >> . >> >> >> Sorry, I think I missed this step. I will submit for a TAG review, and >> come back to this thread once the TAG review is approved. >> >> FWIW, I don't think we should block on TAG review resolution - but it's >> useful to file an issue, in case someone is keeping track of APIs that do >> reporting, or have report-only modes. >> >> >> >> >> >> Risks >> >> >> Interoperability and Compatibility >> >> None >> >> >> *Gecko*: No signal >> <https://github.com/mozilla/standards-positions/issues/1164> >> >> *WebKit*: No signal >> <https://github.com/WebKit/standards-positions/issues/448> >> >> *Web developers*: No signals >> >> >> Why are we proposing to ship this, if it is not interesting to any web >> developers, and has support from no other browsers? >> >> >> We'd like to mitigate Permission Delegation of powerful permissions to >> unintentional sites (e.g. HTML injection in Bing resulted in camera >> access in Edge >> <https://speakerdeck.com/shhnjk/piloting-edge-copilot?slide=27>) in >> Google applications. >> So we do have internal developer support. But I'm not sure if there is >> external developer support. >> >> >> >> >> *Other signals*: >> >> Security >> >> Potential Permissions Policy violation reports should not include any new >> information about cross-origin iframes >> >> >> WebView application risks >> >> Does this intent deprecate or change behavior of existing APIs, such that >> it has potentially high risk for Android WebView-based applications? >> >> None >> >> >> Debuggability >> >> None >> >> >> Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, ChromeOS, Android, and Android WebView)?No >> >> >> Which platform will it not be supported on? >> >> >> This had to be Yes. I've fixed it in Chrome status. >> >> >> >> >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >> ?https://github.com/web-platform-tests/wpt/pull/49978 >> >> >> >> Flag name on about://flagsNone >> >> Finch feature namePotentialPermissionsPolicyReporting >> >> Requires code in //chrome?False >> >> Tracking bughttps://issues.chromium.org/issues/40941424 >> >> Estimated milestonesShipping on desktop134 >> >> Anticipated spec changes >> >> Open questions about a feature may be a source of future web compat or >> interop issues. Please list open issues (e.g. links to known github issues >> in the project for the feature specification) whose resolution may >> introduce web compat/interop risk (e.g., changing to naming or structure of >> the API in a non-backward-compatible way). >> None >> >> Link to entry on the Chrome Platform Statushttps://chromestatus.com/ >> feature/5154241037205504?gate=5069369228656640 >> >> >> >> This intent message was generated by Chrome Platform Status >> <https://chromestatus.com/>. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/453d70c8-b1b4-4607-8a76-ff564f00b231n%40chromium.org >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/453d70c8-b1b4-4607-8a76-ff564f00b231n%40chromium.org?utm_medium=email&utm_source=footer> >> . >> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5f98e6ec-8ea6-4982-ad4c-44d88c48ec3dn%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5f98e6ec-8ea6-4982-ad4c-44d88c48ec3dn%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw8%2B9msKfGkoM2D-K-MwO6GdBVcVvnQhG-bPmbN8Qh4-kQ%40mail.gmail.com.
