Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 824b90ee9bc0d7dc0bd0e554e296d6fc899ec2f3 https://github.com/WebKit/WebKit/commit/824b90ee9bc0d7dc0bd0e554e296d6fc899ec2f3 Author: Sihui Liu <sihui_...@apple.com> Date: 2024-05-29 (Wed, 29 May 2024)
Changed paths: M LayoutTests/fullscreen/full-screen-enabled-expected.txt M LayoutTests/fullscreen/full-screen-enabled-prefixed-expected.txt M LayoutTests/fullscreen/full-screen-enabled-prefixed.html M LayoutTests/fullscreen/full-screen-enabled.html M LayoutTests/fullscreen/full-screen-iframe-not-allowed-expected.txt M LayoutTests/fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt M LayoutTests/fullscreen/full-screen-restrictions-expected.txt M LayoutTests/http/tests/fullscreen/fullscreen-feature-policy-expected.txt M LayoutTests/http/tests/gamepad/gamepad-allow-attribute.https-expected.txt M LayoutTests/http/tests/media/media-stream/enumerate-devices-iframe-allow-attribute-expected.txt M LayoutTests/http/tests/media/media-stream/get-user-media-in-embed-element-expected.txt M LayoutTests/http/tests/paymentrequest/payment-allow-attribute.https-expected.txt M LayoutTests/http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition-expected.txt M LayoutTests/http/tests/security/sandboxed-iframe-geolocation-watchPosition-expected.txt M LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt M LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt M LayoutTests/http/tests/webrtc/enumerateDevicesInFrames-expected.txt M LayoutTests/http/tests/webrtc/enumerateDevicesInFrames.html M LayoutTests/http/tests/webshare/webshare-allow-attribute-canShare.https-expected.txt M LayoutTests/http/tests/webshare/webshare-allow-attribute-share.https-expected.txt M LayoutTests/http/tests/webxr/webxr-third-party-iframe-issessionsupported-denied-by-insufficient-feature-policy-expected.txt M LayoutTests/http/tests/webxr/webxr-third-party-iframe-makexrcompatible-denied-by-insufficient-feature-policy-expected.txt M LayoutTests/imported/w3c/web-platform-tests/geolocation-API/disabled-by-permissions-policy.https.sub-expected.txt M LayoutTests/imported/w3c/web-platform-tests/geolocation-API/enabled-by-permission-policy-attribute-redirect-on-load.https.sub-expected.txt M LayoutTests/imported/w3c/web-platform-tests/geolocation-API/enabled-by-permissions-policy.https.sub-expected.txt M LayoutTests/imported/w3c/web-platform-tests/geolocation-API/enabled-on-self-origin-by-permissions-policy.https.sub-expected.txt M LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-allow-expected.txt M LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-allowfullscreen-expected.txt M LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub-expected.txt M LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy.https.sub-expected.txt M LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-default-permissions-policy.https.sub-expected.txt M LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-disabled-by-permissions-policy.https.sub-expected.txt M LayoutTests/imported/w3c/web-platform-tests/screen-wake-lock/wakelock-enabled-by-feature-policy-attribute-redirect-on-load.https.sub-expected.txt M LayoutTests/imported/w3c/web-platform-tests/web-share/disabled-by-permissions-policy-cross-origin.https.sub-expected.txt M LayoutTests/platform/glib/imported/w3c/web-platform-tests/geolocation-API/disabled-by-permissions-policy.https.sub-expected.txt M LayoutTests/platform/glib/imported/w3c/web-platform-tests/geolocation-API/enabled-by-permission-policy-attribute-redirect-on-load.https.sub-expected.txt M LayoutTests/platform/glib/imported/w3c/web-platform-tests/geolocation-API/enabled-by-permissions-policy.https.sub-expected.txt M LayoutTests/platform/glib/imported/w3c/web-platform-tests/geolocation-API/enabled-on-self-origin-by-permissions-policy.https.sub-expected.txt M LayoutTests/platform/glib/imported/w3c/web-platform-tests/screen-wake-lock/wakelock-enabled-by-feature-policy-attribute-redirect-on-load.https.sub-expected.txt M LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/geolocation-API/disabled-by-permissions-policy.https.sub-expected.txt M LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/geolocation-API/enabled-by-permission-policy-attribute-redirect-on-load.https.sub-expected.txt M LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/geolocation-API/enabled-by-permissions-policy.https.sub-expected.txt M LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/geolocation-API/enabled-on-self-origin-by-permissions-policy.https.sub-expected.txt M Source/WebCore/Modules/applepay/PaymentSession.cpp M Source/WebCore/Modules/audiosession/DOMAudioSession.cpp M Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp M Source/WebCore/Modules/geolocation/Geolocation.cpp M Source/WebCore/Modules/mediastream/MediaDevices.cpp M Source/WebCore/Modules/mediastream/UserMediaController.cpp M Source/WebCore/Modules/mediastream/UserMediaRequest.cpp M Source/WebCore/Modules/permissions/Permissions.cpp M Source/WebCore/Modules/screen-wake-lock/WakeLock.cpp M Source/WebCore/Modules/speech/SpeechRecognition.cpp M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp M Source/WebCore/Modules/webxr/WebXRSystem.cpp M Source/WebCore/dom/Document.cpp M Source/WebCore/dom/Document.h M Source/WebCore/dom/FullscreenManager.cpp M Source/WebCore/dom/SecurityContext.cpp M Source/WebCore/dom/SecurityContext.h M Source/WebCore/html/HTMLIFrameElement.cpp M Source/WebCore/html/HTMLIFrameElement.h M Source/WebCore/html/PermissionsPolicy.cpp M Source/WebCore/html/PermissionsPolicy.h M Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp M Source/WebCore/loader/FrameLoader.cpp M Source/WebCore/page/LocalDOMWindow.cpp M Source/WebCore/page/Navigator.cpp M Source/WebCore/xml/XMLHttpRequest.cpp Log Message: ----------- Implement PermissionsPolicy check based on latest spec https://bugs.webkit.org/show_bug.cgi?id=274544 rdar://128557367 Reviewed by Youenn Fablet. The existing check (implemented in isPermissionsPolicyAllowedByDocumentAndAllOwners()) visits all ancestors of Document to compute result, which is not possible when Frames and Documents are in different processes with site isolation. According to latest spec, Document only needs to know policy of its parent and policy of its container to compute PermissionsPolicy, as Document stores the computed policy in itself. This makes it possible to implement the check with site isolation. Therefore, this patch updates the implementation to match latest spec. New test pass after change: imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-allow.html imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-allowfullscreen.html * LayoutTests/fullscreen/full-screen-enabled-expected.txt: * LayoutTests/fullscreen/full-screen-enabled-prefixed-expected.txt: * LayoutTests/fullscreen/full-screen-enabled-prefixed.html: The test is modified because latest spec specifies that adding or removing allow attribute on iframe has no effect on already loaded document (see https://html.spec.whatwg.org/#attr-iframe-allowfullscreen). The test should reload document to test changed attribute value. * LayoutTests/fullscreen/full-screen-enabled.html: Ditto. * LayoutTests/fullscreen/full-screen-iframe-not-allowed-expected.txt: * LayoutTests/fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt: * LayoutTests/fullscreen/full-screen-restrictions-expected.txt: * LayoutTests/http/tests/fullscreen/fullscreen-feature-policy-expected.txt: * LayoutTests/http/tests/gamepad/gamepad-allow-attribute.https-expected.txt: * LayoutTests/http/tests/media/media-stream/enumerate-devices-iframe-allow-attribute-expected.txt: * LayoutTests/http/tests/media/media-stream/get-user-media-in-embed-element-expected.txt: * LayoutTests/http/tests/paymentrequest/payment-allow-attribute.https-expected.txt: * LayoutTests/http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition-expected.txt: * LayoutTests/http/tests/security/sandboxed-iframe-geolocation-watchPosition-expected.txt: * LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt: * LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt: * LayoutTests/http/tests/webrtc/enumerateDevicesInFrames-expected.txt: * LayoutTests/http/tests/webrtc/enumerateDevicesInFrames.html: * LayoutTests/http/tests/webshare/webshare-allow-attribute-canShare.https-expected.txt: * LayoutTests/http/tests/webshare/webshare-allow-attribute-share.https-expected.txt: * LayoutTests/http/tests/webxr/webxr-third-party-iframe-issessionsupported-denied-by-insufficient-feature-policy-expected.txt: * LayoutTests/http/tests/webxr/webxr-third-party-iframe-makexrcompatible-denied-by-insufficient-feature-policy-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/geolocation-API/disabled-by-permissions-policy.https.sub-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/geolocation-API/enabled-by-permission-policy-attribute-redirect-on-load.https.sub-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/geolocation-API/enabled-by-permissions-policy.https.sub-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/geolocation-API/enabled-on-self-origin-by-permissions-policy.https.sub-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-allow-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-allowfullscreen-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy.https.sub-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-default-permissions-policy.https.sub-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-disabled-by-permissions-policy.https.sub-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/screen-wake-lock/wakelock-enabled-by-feature-policy-attribute-redirect-on-load.https.sub-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/web-share/disabled-by-permissions-policy-cross-origin.https.sub-expected.txt: * LayoutTests/platform/glib/imported/w3c/web-platform-tests/geolocation-API/disabled-by-permissions-policy.https.sub-expected.txt: * LayoutTests/platform/glib/imported/w3c/web-platform-tests/geolocation-API/enabled-by-permission-policy-attribute-redirect-on-load.https.sub-expected.txt: * LayoutTests/platform/glib/imported/w3c/web-platform-tests/geolocation-API/enabled-by-permissions-policy.https.sub-expected.txt: * LayoutTests/platform/glib/imported/w3c/web-platform-tests/geolocation-API/enabled-on-self-origin-by-permissions-policy.https.sub-expected.txt: * LayoutTests/platform/glib/imported/w3c/web-platform-tests/screen-wake-lock/wakelock-enabled-by-feature-policy-attribute-redirect-on-load.https.sub-expected.txt: * LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/geolocation-API/disabled-by-permissions-policy.https.sub-expected.txt: * LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/geolocation-API/enabled-by-permission-policy-attribute-redirect-on-load.https.sub-expected.txt: * LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/geolocation-API/enabled-by-permissions-policy.https.sub-expected.txt: * LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/geolocation-API/enabled-on-self-origin-by-permissions-policy.https.sub-expected.txt: * Source/WebCore/Modules/applepay/PaymentSession.cpp: (WebCore::PaymentSession::canCreateSession): * Source/WebCore/Modules/audiosession/DOMAudioSession.cpp: (WebCore::DOMAudioSession::setType): (WebCore::DOMAudioSession::type const): (WebCore::DOMAudioSession::state const): (WebCore::DOMAudioSession::scheduleStateChangeEvent): * Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp: * Source/WebCore/Modules/geolocation/Geolocation.cpp: (WebCore::Geolocation::shouldBlockGeolocationRequests): * Source/WebCore/Modules/mediastream/MediaDevices.cpp: (WebCore::checkCameraAccess): (WebCore::checkMicrophoneAccess): (WebCore::checkSpeakerAccess): (WebCore::MediaDevices::listenForDeviceChanges): * Source/WebCore/Modules/mediastream/UserMediaController.cpp: (WebCore::UserMediaController::logEnumerateDevicesDenial): * Source/WebCore/Modules/mediastream/UserMediaRequest.cpp: (WebCore::UserMediaRequest::start): * Source/WebCore/Modules/permissions/Permissions.cpp: (WebCore::isAllowedByPermissionsPolicy): * Source/WebCore/Modules/screen-wake-lock/WakeLock.cpp: (WebCore::WakeLock::request): * Source/WebCore/Modules/speech/SpeechRecognition.cpp: (WebCore::SpeechRecognition::startRecognition): * Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp: (WebCore::AuthenticatorCoordinator::discoverFromExternalSource): * Source/WebCore/Modules/webxr/WebXRSystem.cpp: (WebCore::WebXRSystem::isSessionSupported): (WebCore::WebXRSystem::isFeaturePermitted const): * Source/WebCore/dom/Document.cpp: (WebCore::Document::permissionsPolicy const): (WebCore::Document::securityOriginDidChange): * Source/WebCore/dom/Document.h: * Source/WebCore/dom/FullscreenManager.cpp: (WebCore::FullscreenManager::requestFullscreenForElement): (WebCore::FullscreenManager::isFullscreenEnabled const): * Source/WebCore/dom/SecurityContext.cpp: (WebCore::SecurityContext::setSecurityOriginPolicy): * Source/WebCore/dom/SecurityContext.h: (WebCore::SecurityContext::securityOriginDidChange): * Source/WebCore/html/HTMLIFrameElement.cpp: (WebCore::HTMLIFrameElement::attributeChanged): (WebCore::HTMLIFrameElement::permissionsPolicyDirective const): (WebCore::HTMLIFrameElement::permissionsPolicy const): Deleted. * Source/WebCore/html/HTMLIFrameElement.h: * Source/WebCore/html/PermissionsPolicy.cpp: (WebCore::defaultAllowlistValue): (WebCore::isFeatureAllowedByDefaultAllowlist): (WebCore::checkPermissionsPolicy): (WebCore::declaredOrigin): (WebCore::computeFeatureEnabled): (WebCore::parseAllowlist): (WebCore::parsePolicyDirective): (WebCore::PermissionsPolicy::processPermissionsPolicyAttribute): (WebCore::featureValueForOrigin): (WebCore::PermissionsPolicy::computeInheritedPolicyValueInContainer const): (WebCore::index): (WebCore::PermissionsPolicy::inheritedPolicyValueForFeature const): (WebCore::PermissionsPolicy::PermissionsPolicy): (WebCore::PermissionsPolicy::isFeatureEnabled): (WebCore::isPermissionsPolicyAllowedByDocumentAndAllOwners): Deleted. (WebCore::PermissionsPolicy::parseAllowlist): Deleted. (WebCore::PermissionsPolicy::parsePolicyDirective): Deleted. (WebCore::PermissionsPolicy::declaredOrigin const): Deleted. (WebCore::PermissionsPolicy::allows const): Deleted. * Source/WebCore/html/PermissionsPolicy.h: (WebCore::PermissionsPolicy::defaultPolicy): Deleted. (WebCore::PermissionsPolicy::parse): Deleted. * Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp: (WebCore::WebGLRenderingContextBase::makeXRCompatible): * Source/WebCore/loader/FrameLoader.cpp: (WebCore::FrameLoader::updateRequestAndAddExtraFields): * Source/WebCore/page/LocalDOMWindow.cpp: (WebCore::LocalDOMWindow::isAllowedToUseDeviceMotion const): (WebCore::LocalDOMWindow::isAllowedToUseDeviceOrientation const): * Source/WebCore/page/Navigator.cpp: (WebCore::validateWebSharePolicy): * Source/WebCore/xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::createRequest): Canonical link: https://commits.webkit.org/279452@main To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications _______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes