[webkit-changes] [WebKit/WebKit] 4be71d: REGRESSION(262616@main): wpt/permissions-policy/pa...

[Chris Dumez]

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 4be71d55e77b3a3c6216e19dc23db4504ad93bbc
      
https://github.com/WebKit/WebKit/commit/4be71d55e77b3a3c6216e19dc23db4504ad93bbc
  Author: Chris Dumez <cdu...@apple.com>
  Date:   2023-06-29 (Thu, 29 Jun 2023)

  Changed paths:
    A 
LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub-expected.txt
    A 
LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub.html
    A 
LayoutTests/imported/w3c/web-platform-tests/permissions-policy/resources/permissions-policy-payment.html
    M 
LayoutTests/imported/w3c/web-platform-tests/permissions-policy/resources/permissions-policy.js
    A 
LayoutTests/imported/w3c/web-platform-tests/permissions/resources/redirect-on-load.html
    M 
LayoutTests/imported/w3c/web-platform-tests/screen-wake-lock/wakelock-enabled-by-feature-policy-attribute-redirect-on-load.https.sub-expected.txt
    M LayoutTests/platform/glib/TestExpectations
    A 
LayoutTests/platform/glib/imported/w3c/web-platform-tests/screen-wake-lock/wakelock-enabled-by-feature-policy-attribute-redirect-on-load.https.sub-expected.txt
    M LayoutTests/platform/mac-wk1/TestExpectations
    M Source/WebCore/html/FeaturePolicy.cpp

  Log Message:
  -----------
  REGRESSION(262616@main): 
wpt/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub.html
https://bugs.webkit.org/show_bug.cgi?id=258217
rdar://110907826

Reviewed by Ryosuke Niwa.

According to the specification [1]:
```
The allowlist for the features named in the attribute may be empty; in that
case, the default value for the allowlist is 'src', which represents the origin
of the URL in the iframe’s src attribute.
```

However, in FeaturePolicy's updateList(), we would set the AllowRule's type
to Type::All, which would be equivalent to having an allowlist of '*'.

To address the issue, we now get the iframe's src URL and compute its origin,
we then add this origin to the allowed list of origins. This implements
allowlist 'src' behavior.

[1] https://www.w3.org/TR/permissions-policy/#iframe-allow-attribute

* 
LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub-expected.txt:
 Added.
* 
LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub.html:
 Added.
* 
LayoutTests/imported/w3c/web-platform-tests/permissions-policy/resources/permissions-policy-payment.html:
 Added.
* 
LayoutTests/imported/w3c/web-platform-tests/permissions-policy/resources/permissions-policy.js:
(expectFeatureAvailable):
(test_feature_availability):
(test_feature_availability_with_post_message_result):
(run_all_fp_tests_allow_self):
* 
LayoutTests/imported/w3c/web-platform-tests/permissions/resources/redirect-on-load.html:
 Added.
Import WPT test coverage.

* Source/WebCore/html/FeaturePolicy.cpp:
(WebCore::updateList):
(WebCore::FeaturePolicy::parse):

Canonical link: https://commits.webkit.org/265641@main


_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes