commit | 53f423e0cb532d1cd6f38cbeacbf5f3205397d10 | [log] [tgz] |
---|---|---|
author | Liam Brady <lbrady@google.com> | Thu Jan 11 17:45:03 2024 |
committer | Blink WPT Bot <blink-w3c-test-autoroller@chromium.org> | Thu Jan 11 18:01:09 2024 |
tree | d152be6d01f12f305ef9b9ff47b9724cd5ba64ff | |
parent | 3a92f8181b1b336fe88a223e6183542457ba0749 [diff] |
Allow non-opaque fenced frames to inherit select permissions. For fenced frames with unpartitioned data access, they will need to use Shared Storage in order to read and write the unpartitioned data. They will also need to be able to call the Private Aggregation API in order to send reports and telemetry without running the risk of introducing a fingerprinting vector. Both of those features are permissions policy-backed features. Fenced frames do not currently support permissions policies, so none of these features will be able to be enabled. The reason we disabled permissions policies originally was to prevent cross-channel communication from the embedder into the fenced frame. However, fenced frames with unpartitioned data do allow for data inflow, just not data outflow. Because of that, we can now allow permissions policies to be enabled on non-opaque fenced frames (i.e. fenced frames not created using Protected Audience or Shared Storage). This CL allows fenced frames to set and inherit permissions policies. Only Shared Storage and Private Aggregation can be turned on. All other permissions policies will be forced off if attempted to be enabled or inherited, and a console warning will be output for debugging purposes. Note that fenced frames created through Protected Audience or Shared Storage will continue to have their existing restrictions, and this CL will not affect their behavior. As a feature of its architecture, MPArch does not have access to permissions policy information in its parent on the renderer side. To give a fenced frame that access, we need to explicitly give it that information through the fenced frame properties. This CL adds the parent frame's parsed permissions policies and its origin to the FencedFrameConfig and FencedFrameProperties objects. This is done instead of just adding the PermissionsPolicy object for IPC reasons. The parsed permissions policies and origin can be sent in an IPC message and are the 2 pieces needed in order to reconstruct a PermissionsPolicy on the renderer-side. This CL also fixes an issue where container policies for fenced frame roots were not taken into consideration when building the permissions policy on the renderer side. This CL explicitly does not modify any permissions policy code related to client hints. That will be done as a follow up if and when we choose to allow client hints in fenced frames. Change-Id: I00e56dc35e07e7dfa16a3b57eb40be384faa8252 Bug: 1515327 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5150117 Commit-Queue: Liam Brady <lbrady@google.com> Reviewed-by: Dominic Farolino <dom@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/main@{#1245934}
The web-platform-tests Project is a cross-browser test suite for the Web-platform stack. Writing tests in a way that allows them to be run in all browsers gives browser projects confidence that they are shipping software that is compatible with other implementations, and that later implementations will be compatible with their implementations. This in turn gives Web authors/developers confidence that they can actually rely on the Web platform to deliver on the promise of working across browsers and devices without needing extra layers of abstraction to paper over the gaps left by specification editors and implementors.
The most important sources of information and activity are:
wpt:matrix.org
matrix channel; includes participants located around the world, but busiest during the European working day.If you'd like clarification about anything, don't hesitate to ask in the chat room or on the mailing list.
Clone or otherwise get https://github.com/web-platform-tests/wpt.
Note: because of the frequent creation and deletion of branches in this repo, it is recommended to “prune” stale branches when fetching updates, i.e. use git pull --prune
(or git fetch -p && git merge
).
See the documentation website and in particular the system setup for running tests locally.
The wpt
command provides a frontend to a variety of tools for working with and running web-platform-tests. Some of the most useful commands are:
wpt serve
- For starting the wpt http serverwpt run
- For running tests in a browserwpt lint
- For running the lint against all testswpt manifest
- For updating or generating a MANIFEST.json
test manifestwpt install
- For installing the latest release of a browser or webdriver server on the local machine.wpt serve-wave
- For starting the wpt http server and the WAVE test runner. For more details on how to use the WAVE test runner see the documentation.On Windows wpt
commands must be prefixed with python
or the path to the python binary (if python
is not in your %PATH%
).
python wpt [command]
Alternatively, you may also use Bash on Ubuntu on Windows in the Windows 10 Anniversary Update build, then access your windows partition from there to launch wpt
commands.
Please make sure git and your text editor do not automatically convert line endings, as it will cause lint errors. For git, please set git config core.autocrlf false
in your working tree.
The master branch is automatically synced to wpt.live and w3c-test.org.
Save the Web, Write Some Tests!
Absolutely everyone is welcome to contribute to test development. No test is too small or too simple, especially if it corresponds to something for which you've noted an interoperability bug in a browser.
The way to contribute is just as usual:
git checkout -b topic
../wpt lint
as described above.If you spot an issue with a test and are not comfortable providing a pull request per above to fix it, please file a new issue. Thank you!