Title: [289534] trunk
- Revision
- 289534
- Author
- [email protected]
- Date
- 2022-02-10 07:49:15 -0800 (Thu, 10 Feb 2022)
Log Message
Check for feature policy when querying permission state
https://bugs.webkit.org/show_bug.cgi?id=236299
Reviewed by Eric Carlson.
LayoutTests/imported/w3c:
* web-platform-tests/permissions/permissions-query-feature-policy-attribute.https.sub-expected.txt:
Source/WebCore:
Added feature policy check for camera, microphone and geolocation, which after https://bugs.webkit.org/show_bug.cgi?id=236292
are the only one returning anything else than NotSupported.
Covered by updated test.
* Modules/permissions/Permissions.cpp:
(WebCore::isAllowedByFeaturePolicy):
(WebCore::Permissions::query):
Modified Paths
Diff
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (289533 => 289534)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2022-02-10 15:45:10 UTC (rev 289533)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2022-02-10 15:49:15 UTC (rev 289534)
@@ -1,3 +1,12 @@
+2022-02-10 Youenn Fablet <[email protected]>
+
+ Check for feature policy when querying permission state
+ https://bugs.webkit.org/show_bug.cgi?id=236299
+
+ Reviewed by Eric Carlson.
+
+ * web-platform-tests/permissions/permissions-query-feature-policy-attribute.https.sub-expected.txt:
+
2022-02-10 Chris Dumez <[email protected]>
Fail synchronously when constructing a SharedWorker with an URL that is not same-origin
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/permissions/permissions-query-feature-policy-attribute.https.sub-expected.txt (289533 => 289534)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/permissions/permissions-query-feature-policy-attribute.https.sub-expected.txt 2022-02-10 15:45:10 UTC (rev 289533)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/permissions/permissions-query-feature-policy-attribute.https.sub-expected.txt 2022-02-10 15:49:15 UTC (rev 289534)
@@ -2,5 +2,5 @@
PASS Permissions.state is "prompt" with allow="geolocation" in same-origin iframes.
PASS Permissions.state is "prompt" with allow="geolocation" in cross-origin iframes.
PASS Permission.state is "prompt" in same-origin iframes.
-FAIL Permission.state is "denied" in cross-origin iframes. assert_equals: navigator.permissions.query("geolocation") expected "denied" but got "prompt"
+PASS Permission.state is "denied" in cross-origin iframes.
Modified: trunk/Source/WebCore/ChangeLog (289533 => 289534)
--- trunk/Source/WebCore/ChangeLog 2022-02-10 15:45:10 UTC (rev 289533)
+++ trunk/Source/WebCore/ChangeLog 2022-02-10 15:49:15 UTC (rev 289534)
@@ -1,5 +1,21 @@
2022-02-10 Youenn Fablet <[email protected]>
+ Check for feature policy when querying permission state
+ https://bugs.webkit.org/show_bug.cgi?id=236299
+
+ Reviewed by Eric Carlson.
+
+ Added feature policy check for camera, microphone and geolocation, which after https://bugs.webkit.org/show_bug.cgi?id=236292
+ are the only one returning anything else than NotSupported.
+
+ Covered by updated test.
+
+ * Modules/permissions/Permissions.cpp:
+ (WebCore::isAllowedByFeaturePolicy):
+ (WebCore::Permissions::query):
+
+2022-02-10 Youenn Fablet <[email protected]>
+
Settling of a fetch promise should be delayed in case page is entering page cache
https://bugs.webkit.org/show_bug.cgi?id=236292
<rdar://88452971>
Modified: trunk/Source/WebCore/Modules/permissions/Permissions.cpp (289533 => 289534)
--- trunk/Source/WebCore/Modules/permissions/Permissions.cpp 2022-02-10 15:45:10 UTC (rev 289533)
+++ trunk/Source/WebCore/Modules/permissions/Permissions.cpp 2022-02-10 15:49:15 UTC (rev 289534)
@@ -27,6 +27,7 @@
#include "Permissions.h"
#include "Exception.h"
+#include "FeaturePolicy.h"
#include "Frame.h"
#include "JSDOMPromiseDeferred.h"
#include "JSPermissionDescriptor.h"
@@ -60,6 +61,20 @@
Permissions::~Permissions() = default;
+static bool isAllowedByFeaturePolicy(const Document& document, PermissionName name)
+{
+ switch (name) {
+ case PermissionName::Camera:
+ return isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::Camera, document, LogFeaturePolicyFailure::No);
+ case PermissionName::Geolocation:
+ return isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::Geolocation, document, LogFeaturePolicyFailure::No);
+ case PermissionName::Microphone:
+ return isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::Microphone, document, LogFeaturePolicyFailure::No);
+ default:
+ return true;
+ }
+}
+
void Permissions::query(JSC::Strong<JSC::JSObject> permissionDescriptorValue, DOMPromiseDeferred<IDLInterface<PermissionStatus>>&& promise)
{
// FIXME: support permissions in WorkerNavigator.
@@ -87,6 +102,13 @@
return;
}
+ if (is<Document>(context) && !isAllowedByFeaturePolicy(downcast<Document>(*context), parameterDescriptor.name)) {
+ context->postTask([parameterDescriptor, promise = WTFMove(promise)](auto& context) mutable {
+ promise.resolve(PermissionStatus::create(context, PermissionState::Denied, parameterDescriptor));
+ });
+ return;
+ }
+
auto* origin = context->securityOrigin();
auto originData = origin ? origin->data() : SecurityOriginData { };
auto permissionState = m_controller->query(ClientOrigin { context->topOrigin().data(), originData }, PermissionDescriptor { parameterDescriptor });
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
