Move ParsedPermissionsPolicyDeclaration
from Blink to Network service
The network service is going to need access to the "storage-access" Permissions Policy. This is the third step of moving some of the Permissions Policy logic out of Blink to maintain a single implementation of https://w3c.github.io/webappsec-permissions-policy across Chromium. Bug: 382291442 Low-Coverage-Reason: LARGE_SCALE_REFACTOR Change-Id: Ic6ad87dd4bd6f882a135a0c580d481dc1b219831 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6254141 Reviewed-by: Guido Urdaneta <guidou@chromium.org> Reviewed-by: Rick Byers <rbyers@chromium.org> Reviewed-by: Giovanni Ortuno Urquidi <ortuno@chromium.org> Owners-Override: Rick Byers <rbyers@chromium.org> Reviewed-by: Adam Rice <ricea@chromium.org> Reviewed-by: Ari Chivukula <arichiv@chromium.org> Commit-Queue: Sandor «Alex» Major <sandormajor@chromium.org> Cr-Commit-Position: refs/heads/main@{#1421574}
This commit is contained in:

committed by
Chromium LUCI CQ

parent
daa5659557
commit
878f835180
chrome/browser
ash
shimless_rma
permissions
chrome_permission_manager_unittest.ccpermission_context_base_permissions_policy_unittest.ccpermission_subscription_unittest.cc
web_applications
components
browsing_topics
permissions
DEPSpepc_initiated_permission_request_unittest.ccpermission_manager_unittest.ccpermission_uma_util_unittest.cc
webrtc
content
browser
attribution_reporting
browsing_topics
client_hints
compute_pressure
direct_sockets
fenced_frame
geolocation
interest_group
ad_auction_headers_util_unittest.ccad_auction_service_impl_unittest.ccad_auction_url_loader_interceptor_unittest.cc
permissions
renderer_host
browsing_context_state.ccbrowsing_context_state.hisolated_web_app_throttle_unittest.ccnavigation_request.ccrender_frame_host_delegate.ccrender_frame_host_delegate.hrender_frame_host_impl.ccrender_frame_host_impl.hrender_frame_host_manager.ccrender_frame_host_permissions_policy_unittest.cc
service_worker
shared_storage
site_per_process_browsertest.ccsmart_card
web_contents
webauth
common
public
browser
test
renderer
shell
test
navigation_simulator_impl.ccnavigation_simulator_impl.htest_render_frame.cctest_render_frame_host.cctest_render_frame_host.h
web_test
mojo/public/tools/mojom/mojom/format
services/network/public
third_party/blink
common
public
common
mojom
web
renderer
DEPS
build
scripts
core
BUILD.gn
execution_context
exported
fetch
frame
DEPSlocal_frame_client.hlocal_frame_client_impl.cclocal_frame_client_impl.hremote_frame.ccremote_frame.hweb_frame_test.ccweb_local_frame_client_test.cc
html
client_hints_util.ccclient_hints_util.h
fenced_frame
html_frame_element.cchtml_frame_element.hhtml_frame_element_test.cchtml_frame_owner_element.cchtml_frame_owner_element.hhtml_iframe_element.cchtml_iframe_element.hhtml_iframe_element_test.cchtml_plugin_element.cchtml_plugin_element.hloader
origin_trials
permissions_policy
dom_feature_policy.hiframe_policy.hpermissions_policy_parser.ccpermissions_policy_parser.hpermissions_policy_test.ccpolicy_test.cc
workers
modules
platform
loader
tools
blinkpy
presubmit
@ -37,9 +37,9 @@
|
||||
#include "content/public/test/browser_task_environment.h"
|
||||
#include "content/public/test/fake_service_worker_context.h"
|
||||
#include "extensions/common/constants.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
|
||||
namespace ash::shimless_rma {
|
||||
namespace {
|
||||
@ -327,14 +327,14 @@ TEST_F(ChromeShimlessRmaDelegatePrepareDiagnosticsAppProfileTest,
|
||||
TEST_F(ChromeShimlessRmaDelegatePrepareDiagnosticsAppProfileTest,
|
||||
IWACanHaveAllowlistedPermissionsPolicy) {
|
||||
fake_diagnostics_app_profile_helper_delegate_->web_app().SetPermissionsPolicy(
|
||||
blink::ParsedPermissionsPolicy{
|
||||
{blink::ParsedPermissionsPolicyDeclaration{
|
||||
network::ParsedPermissionsPolicy{
|
||||
{network::ParsedPermissionsPolicyDeclaration{
|
||||
network::mojom::PermissionsPolicyFeature::kCamera},
|
||||
blink::ParsedPermissionsPolicyDeclaration{
|
||||
network::ParsedPermissionsPolicyDeclaration{
|
||||
network::mojom::PermissionsPolicyFeature::kFullscreen},
|
||||
blink::ParsedPermissionsPolicyDeclaration{
|
||||
network::ParsedPermissionsPolicyDeclaration{
|
||||
network::mojom::PermissionsPolicyFeature::kMicrophone},
|
||||
blink::ParsedPermissionsPolicyDeclaration{
|
||||
network::ParsedPermissionsPolicyDeclaration{
|
||||
network::mojom::PermissionsPolicyFeature::kHid}}});
|
||||
|
||||
auto result = PrepareDiagnosticsAppBrowserContext(
|
||||
@ -348,10 +348,10 @@ TEST_F(ChromeShimlessRmaDelegatePrepareDiagnosticsAppProfileTest,
|
||||
TEST_F(ChromeShimlessRmaDelegatePrepareDiagnosticsAppProfileTest,
|
||||
IWACannotHavePermissionsPolicyOutsideAllowlist) {
|
||||
fake_diagnostics_app_profile_helper_delegate_->web_app().SetPermissionsPolicy(
|
||||
blink::ParsedPermissionsPolicy{
|
||||
blink::ParsedPermissionsPolicyDeclaration{
|
||||
network::ParsedPermissionsPolicy{
|
||||
network::ParsedPermissionsPolicyDeclaration{
|
||||
network::mojom::PermissionsPolicyFeature::kCamera},
|
||||
{blink::ParsedPermissionsPolicyDeclaration{
|
||||
{network::ParsedPermissionsPolicyDeclaration{
|
||||
network::mojom::PermissionsPolicyFeature::kNotFound}}});
|
||||
|
||||
auto result = PrepareDiagnosticsAppBrowserContext(
|
||||
@ -371,8 +371,9 @@ TEST_F(ChromeShimlessRmaDelegatePrepareDiagnosticsAppProfileTest,
|
||||
ash::features::kShimlessRMA3pDiagnosticsAllowPermissionPolicy);
|
||||
|
||||
fake_diagnostics_app_profile_helper_delegate_->web_app().SetPermissionsPolicy(
|
||||
blink::ParsedPermissionsPolicy{{blink::ParsedPermissionsPolicyDeclaration{
|
||||
network::mojom::PermissionsPolicyFeature::kCamera}}});
|
||||
network::ParsedPermissionsPolicy{
|
||||
{network::ParsedPermissionsPolicyDeclaration{
|
||||
network::mojom::PermissionsPolicyFeature::kCamera}}});
|
||||
|
||||
auto result = PrepareDiagnosticsAppBrowserContext(
|
||||
base::PathService::CheckedGet(base::DIR_SRC_TEST_DATA_ROOT)
|
||||
@ -392,8 +393,9 @@ TEST_F(ChromeShimlessRmaDelegatePrepareDiagnosticsAppProfileTest,
|
||||
expected_url_origin.GetURL());
|
||||
|
||||
fake_diagnostics_app_profile_helper_delegate_->web_app().SetPermissionsPolicy(
|
||||
blink::ParsedPermissionsPolicy{{blink::ParsedPermissionsPolicyDeclaration{
|
||||
network::mojom::PermissionsPolicyFeature::kNotFound}}});
|
||||
network::ParsedPermissionsPolicy{
|
||||
{network::ParsedPermissionsPolicyDeclaration{
|
||||
network::mojom::PermissionsPolicyFeature::kNotFound}}});
|
||||
|
||||
auto result = PrepareDiagnosticsAppBrowserContext(
|
||||
base::PathService::CheckedGet(base::DIR_SRC_TEST_DATA_ROOT)
|
||||
|
@ -399,6 +399,7 @@
|
||||
#include "services/network/public/cpp/features.h"
|
||||
#include "services/network/public/cpp/is_potentially_trustworthy.h"
|
||||
#include "services/network/public/cpp/network_switches.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/resource_request.h"
|
||||
#include "services/network/public/cpp/self_deleting_url_loader_factory.h"
|
||||
#include "services/network/public/cpp/web_sandbox_flags.h"
|
||||
@ -2421,7 +2422,7 @@ size_t ChromeContentBrowserClient::GetProcessCountToIgnoreForLimit() {
|
||||
#endif
|
||||
}
|
||||
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
ChromeContentBrowserClient::GetPermissionsPolicyForIsolatedWebApp(
|
||||
content::WebContents* web_contents,
|
||||
const url::Origin& app_origin) {
|
||||
@ -2441,13 +2442,13 @@ ChromeContentBrowserClient::GetPermissionsPolicyForIsolatedWebApp(
|
||||
registrar.FindAllAppsNestedInUrl(
|
||||
app_origin.GetURL(), web_app::WebAppFilter::InstalledInChrome());
|
||||
if (app_ids_for_origin.empty()) {
|
||||
return blink::ParsedPermissionsPolicy();
|
||||
return network::ParsedPermissionsPolicy();
|
||||
}
|
||||
|
||||
return registrar.GetPermissionsPolicy(app_ids_for_origin[0]);
|
||||
#else
|
||||
NOTIMPLEMENTED();
|
||||
return blink::ParsedPermissionsPolicy();
|
||||
return network::ParsedPermissionsPolicy();
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -43,6 +43,7 @@
|
||||
#include "pdf/buildflags.h"
|
||||
#include "services/device/public/cpp/geolocation/buildflags.h"
|
||||
#include "services/metrics/public/cpp/ukm_source_id.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/network_context.mojom.h"
|
||||
#include "services/network/public/mojom/url_loader_factory.mojom.h"
|
||||
#include "services/video_effects/public/cpp/buildflags.h"
|
||||
@ -250,7 +251,7 @@ class ChromeContentBrowserClient : public content::ContentBrowserClient {
|
||||
const GURL& site_url) override;
|
||||
bool MayReuseHost(content::RenderProcessHost* process_host) override;
|
||||
size_t GetProcessCountToIgnoreForLimit() override;
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
GetPermissionsPolicyForIsolatedWebApp(content::WebContents* web_contents,
|
||||
const url::Origin& app_origin) override;
|
||||
bool ShouldTryToUseExistingProcessHost(
|
||||
|
@ -19,6 +19,8 @@
|
||||
#include "content/public/test/navigation_simulator.h"
|
||||
#include "content/public/test/permissions_test_utils.h"
|
||||
#include "extensions/buildflags/buildflags.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
|
||||
class ChromePermissionManagerTest : public ChromeRenderViewHostTestHarness {
|
||||
@ -47,7 +49,7 @@ class ChromePermissionManagerTest : public ChromeRenderViewHostTestHarness {
|
||||
const GURL& origin,
|
||||
network::mojom::PermissionsPolicyFeature feature =
|
||||
network::mojom::PermissionsPolicyFeature::kNotFound) {
|
||||
blink::ParsedPermissionsPolicy frame_policy = {};
|
||||
network::ParsedPermissionsPolicy frame_policy = {};
|
||||
if (feature != network::mojom::PermissionsPolicyFeature::kNotFound) {
|
||||
frame_policy.emplace_back(
|
||||
feature,
|
||||
|
@ -19,6 +19,7 @@
|
||||
#include "content/public/test/navigation_simulator.h"
|
||||
#include "content/public/test/test_renderer_host.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
@ -65,7 +66,7 @@ class PermissionContextBasePermissionsPolicyTest
|
||||
const char* origin,
|
||||
network::mojom::PermissionsPolicyFeature feature =
|
||||
network::mojom::PermissionsPolicyFeature::kNotFound) {
|
||||
blink::ParsedPermissionsPolicy frame_policy = {};
|
||||
network::ParsedPermissionsPolicy frame_policy = {};
|
||||
if (feature != network::mojom::PermissionsPolicyFeature::kNotFound) {
|
||||
frame_policy.emplace_back(
|
||||
feature,
|
||||
|
@ -19,6 +19,7 @@
|
||||
#include "content/public/test/navigation_simulator.h"
|
||||
#include "content/public/test/permissions_test_utils.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
|
||||
#include "third_party/blink/public/common/permissions/permission_utils.h"
|
||||
#include "url/origin.h"
|
||||
@ -114,7 +115,7 @@ class PermissionSubscriptionTest : public ChromeRenderViewHostTestHarness {
|
||||
content::RenderFrameHost* parent,
|
||||
const GURL& origin,
|
||||
PermissionsPolicyFeature feature = PermissionsPolicyFeature::kNotFound) {
|
||||
blink::ParsedPermissionsPolicy frame_policy = {};
|
||||
network::ParsedPermissionsPolicy frame_policy = {};
|
||||
if (feature != PermissionsPolicyFeature::kNotFound) {
|
||||
frame_policy.emplace_back(
|
||||
feature,
|
||||
|
@ -49,11 +49,11 @@
|
||||
#include "net/test/embedded_test_server/http_response.h"
|
||||
#include "net/test/embedded_test_server/request_handler_util.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "skia/ext/codec_utils.h"
|
||||
#include "third_party/abseil-cpp/absl/types/variant.h"
|
||||
#include "third_party/blink/public/common/manifest/manifest.h"
|
||||
#include "third_party/blink/public/common/manifest/manifest_util.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/policy_helper_public.h"
|
||||
#include "third_party/blink/public/mojom/manifest/manifest.mojom.h"
|
||||
#include "third_party/skia/include/core/SkBitmap.h"
|
||||
@ -390,7 +390,7 @@ blink::mojom::ManifestPtr ManifestBuilder::ToBlinkManifest(
|
||||
}
|
||||
|
||||
for (const auto& policy : permissions_policy_) {
|
||||
blink::ParsedPermissionsPolicyDeclaration decl;
|
||||
network::ParsedPermissionsPolicyDeclaration decl;
|
||||
decl.feature = policy.first;
|
||||
if (policy.second.wildcard) {
|
||||
decl.matches_all_origins = true;
|
||||
|
@ -86,10 +86,10 @@
|
||||
#include "content/public/browser/service_worker_context.h"
|
||||
#include "content/public/browser/storage_partition.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/abseil-cpp/absl/types/variant.h"
|
||||
#include "third_party/blink/public/common/manifest/manifest.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/policy_helper_public.h"
|
||||
#include "third_party/blink/public/common/safe_url_pattern.h"
|
||||
#include "third_party/blink/public/common/storage_key/storage_key.h"
|
||||
@ -237,7 +237,7 @@ apps::ShareTarget CreateRandomShareTarget(uint32_t suffix) {
|
||||
return share_target;
|
||||
}
|
||||
|
||||
blink::ParsedPermissionsPolicy CreateRandomPermissionsPolicy(
|
||||
network::ParsedPermissionsPolicy CreateRandomPermissionsPolicy(
|
||||
RandomHelper& random) {
|
||||
const int num_permissions_policy_declarations =
|
||||
random.next_uint(test_features.size());
|
||||
@ -248,7 +248,7 @@ blink::ParsedPermissionsPolicy CreateRandomPermissionsPolicy(
|
||||
std::default_random_engine rng;
|
||||
std::shuffle(available_features.begin(), available_features.end(), rng);
|
||||
|
||||
blink::ParsedPermissionsPolicy permissions_policy(
|
||||
network::ParsedPermissionsPolicy permissions_policy(
|
||||
num_permissions_policy_declarations);
|
||||
const auto& feature_name_map = blink::GetPermissionsPolicyNameToFeatureMap();
|
||||
for (int i = 0; i < num_permissions_policy_declarations; ++i) {
|
||||
|
@ -41,9 +41,9 @@
|
||||
#include "components/sync/protocol/proto_value_conversions.h"
|
||||
#include "components/sync/protocol/web_app_specifics.pb.h"
|
||||
#include "components/webapps/browser/installable/installable_metrics.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/abseil-cpp/absl/types/variant.h"
|
||||
#include "third_party/blink/public/common/manifest/manifest_util.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/policy_helper_public.h"
|
||||
#include "third_party/blink/public/common/safe_url_pattern.h"
|
||||
#include "third_party/blink/public/mojom/manifest/manifest.mojom-shared.h"
|
||||
@ -732,7 +732,7 @@ void WebApp::SetParentAppId(
|
||||
}
|
||||
|
||||
void WebApp::SetPermissionsPolicy(
|
||||
blink::ParsedPermissionsPolicy permissions_policy) {
|
||||
network::ParsedPermissionsPolicy permissions_policy) {
|
||||
permissions_policy_ = std::move(permissions_policy);
|
||||
}
|
||||
|
||||
@ -1277,7 +1277,7 @@ bool operator!=(const WebAppOsIntegrationState& os_integration_state1,
|
||||
} // namespace proto
|
||||
|
||||
std::vector<std::string> GetSerializedAllowedOrigins(
|
||||
const blink::ParsedPermissionsPolicyDeclaration
|
||||
const network::ParsedPermissionsPolicyDeclaration
|
||||
permissions_policy_declaration) {
|
||||
std::vector<std::string> allowed_origins;
|
||||
if (permissions_policy_declaration.self_if_matches) {
|
||||
|
@ -41,8 +41,8 @@
|
||||
#include "components/sync/model/string_ordinal.h"
|
||||
#include "components/sync/protocol/web_app_specifics.pb.h"
|
||||
#include "components/webapps/common/web_app_id.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/manifest/manifest.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/manifest/capture_links.mojom-shared.h"
|
||||
#include "third_party/blink/public/mojom/manifest/display_mode.mojom-shared.h"
|
||||
#include "third_party/skia/include/core/SkColor.h"
|
||||
@ -272,7 +272,7 @@ class WebApp {
|
||||
return parent_app_id_;
|
||||
}
|
||||
|
||||
const blink::ParsedPermissionsPolicy& permissions_policy() const {
|
||||
const network::ParsedPermissionsPolicy& permissions_policy() const {
|
||||
return permissions_policy_;
|
||||
}
|
||||
|
||||
@ -451,7 +451,8 @@ class WebApp {
|
||||
void SetWindowControlsOverlayEnabled(bool enabled);
|
||||
void SetLaunchHandler(std::optional<LaunchHandler> launch_handler);
|
||||
void SetParentAppId(const std::optional<webapps::AppId>& parent_app_id);
|
||||
void SetPermissionsPolicy(blink::ParsedPermissionsPolicy permissions_policy);
|
||||
void SetPermissionsPolicy(
|
||||
network::ParsedPermissionsPolicy permissions_policy);
|
||||
void SetLatestInstallSource(
|
||||
std::optional<webapps::WebappInstallSource> latest_install_source);
|
||||
void SetAppSizeInBytes(std::optional<int64_t> app_size_in_bytes);
|
||||
@ -573,7 +574,7 @@ class WebApp {
|
||||
bool window_controls_overlay_enabled_ = false;
|
||||
std::optional<LaunchHandler> launch_handler_;
|
||||
std::optional<webapps::AppId> parent_app_id_;
|
||||
blink::ParsedPermissionsPolicy permissions_policy_;
|
||||
network::ParsedPermissionsPolicy permissions_policy_;
|
||||
// The source of the latest install. WebAppRegistrar provides range
|
||||
// validation. Optional only to support legacy installations, since this used
|
||||
// to be tracked as a pref. It might also be null if the value read from the
|
||||
@ -672,7 +673,7 @@ bool operator!=(const WebAppOsIntegrationState& os_integration_state1,
|
||||
} // namespace proto
|
||||
|
||||
std::vector<std::string> GetSerializedAllowedOrigins(
|
||||
const blink::ParsedPermissionsPolicyDeclaration
|
||||
const network::ParsedPermissionsPolicyDeclaration
|
||||
permissions_policy_declaration);
|
||||
|
||||
} // namespace web_app
|
||||
|
@ -60,9 +60,9 @@
|
||||
#include "components/webapps/browser/installable/installable_metrics.h"
|
||||
#include "components/webapps/common/web_app_id.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/abseil-cpp/absl/types/variant.h"
|
||||
#include "third_party/blink/public/common/manifest/manifest.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/policy_helper_public.h"
|
||||
#include "third_party/blink/public/common/safe_url_pattern.h"
|
||||
#include "third_party/blink/public/mojom/manifest/capture_links.mojom.h"
|
||||
@ -1594,11 +1594,11 @@ std::unique_ptr<WebApp> WebAppDatabase::CreateWebApp(
|
||||
}
|
||||
|
||||
if (local_data.permissions_policy_size()) {
|
||||
blink::ParsedPermissionsPolicy policy;
|
||||
network::ParsedPermissionsPolicy policy;
|
||||
const auto& name_to_feature_map =
|
||||
blink::GetPermissionsPolicyNameToFeatureMap();
|
||||
for (const auto& decl_proto : local_data.permissions_policy()) {
|
||||
blink::ParsedPermissionsPolicyDeclaration decl;
|
||||
network::ParsedPermissionsPolicyDeclaration decl;
|
||||
const auto feature_enum = name_to_feature_map.find(decl_proto.feature());
|
||||
if (feature_enum == name_to_feature_map.end())
|
||||
continue;
|
||||
|
@ -61,11 +61,11 @@
|
||||
#include "components/web_package/signed_web_bundles/ed25519_signature.h"
|
||||
#include "components/web_package/signed_web_bundles/signed_web_bundle_signature_stack_entry.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/abseil-cpp/absl/types/variant.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "url/gurl.h"
|
||||
#include "url/origin.h"
|
||||
|
||||
@ -986,7 +986,7 @@ class WebAppDatabaseProtoDataTest : public ::testing::Test {
|
||||
}
|
||||
|
||||
std::unique_ptr<WebApp> CreateWebAppWithPermissionsPolicy(
|
||||
const blink::ParsedPermissionsPolicy& permissions_policy) {
|
||||
const network::ParsedPermissionsPolicy& permissions_policy) {
|
||||
std::unique_ptr<WebApp> web_app = CreateMinimalWebApp();
|
||||
web_app->SetPermissionsPolicy(permissions_policy);
|
||||
return web_app;
|
||||
@ -1262,7 +1262,7 @@ TEST_F(WebAppDatabaseProtoDataTest, SavesIsolationDataUpdateInfo) {
|
||||
}
|
||||
|
||||
TEST_F(WebAppDatabaseProtoDataTest, PermissionsPolicyRoundTrip) {
|
||||
const blink::ParsedPermissionsPolicy policy = {
|
||||
const network::ParsedPermissionsPolicy policy = {
|
||||
{network::mojom::PermissionsPolicyFeature::kGyroscope,
|
||||
/*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
@ -1292,7 +1292,7 @@ TEST_F(WebAppDatabaseProtoDataTest, PermissionsPolicyRoundTrip) {
|
||||
}
|
||||
|
||||
TEST_F(WebAppDatabaseProtoDataTest, PermissionsPolicyProto) {
|
||||
const blink::ParsedPermissionsPolicy policy = {
|
||||
const network::ParsedPermissionsPolicy policy = {
|
||||
{network::mojom::PermissionsPolicyFeature::kGyroscope,
|
||||
/*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
|
@ -27,8 +27,8 @@
|
||||
#include "components/services/app_service/public/cpp/protocol_handler_info.h"
|
||||
#include "components/services/app_service/public/cpp/share_target.h"
|
||||
#include "components/webapps/common/web_app_id.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/manifest/manifest.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/manifest/capture_links.mojom-shared.h"
|
||||
#include "third_party/blink/public/mojom/manifest/display_mode.mojom.h"
|
||||
#include "third_party/blink/public/mojom/manifest/manifest.mojom.h"
|
||||
@ -417,7 +417,7 @@ struct WebAppInstallInfo {
|
||||
|
||||
// The declared permissions policy to apply as the baseline policy for all
|
||||
// documents belonging to the application.
|
||||
blink::ParsedPermissionsPolicy permissions_policy;
|
||||
network::ParsedPermissionsPolicy permissions_policy;
|
||||
|
||||
// See ExternallyManagedAppManager for placeholder app documentation.
|
||||
// Intended to be a temporary app while we wait for the install_url to
|
||||
|
@ -69,10 +69,10 @@
|
||||
#include "content/public/common/content_features.h"
|
||||
#include "mojo/public/cpp/bindings/struct_ptr.h"
|
||||
#include "net/http/http_util.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "third_party/blink/public/common/manifest/manifest.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/manifest/display_mode.mojom-shared.h"
|
||||
#include "third_party/blink/public/mojom/manifest/manifest.mojom-shared.h"
|
||||
#include "third_party/blink/public/mojom/manifest/manifest.mojom.h"
|
||||
@ -802,7 +802,7 @@ void UpdateWebAppInfoFromManifest(const blink::mojom::Manifest& manifest,
|
||||
|
||||
web_app_info->permissions_policy.clear();
|
||||
for (const auto& decl : manifest.permissions_policy) {
|
||||
blink::ParsedPermissionsPolicyDeclaration copy;
|
||||
network::ParsedPermissionsPolicyDeclaration copy;
|
||||
copy.feature = decl.feature;
|
||||
copy.self_if_matches = decl.self_if_matches;
|
||||
for (const auto& origin : decl.allowed_origins)
|
||||
|
@ -37,12 +37,12 @@
|
||||
#include "components/services/app_service/public/cpp/share_target.h"
|
||||
#include "mojo/public/cpp/bindings/struct_ptr.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "third_party/blink/public/common/manifest/manifest.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/manifest/display_mode.mojom-shared.h"
|
||||
#include "third_party/blink/public/mojom/manifest/manifest.mojom-shared.h"
|
||||
#include "third_party/blink/public/mojom/manifest/manifest.mojom.h"
|
||||
@ -158,7 +158,7 @@ TEST(WebAppInstallUtils, UpdateWebAppInfoFromManifest) {
|
||||
}
|
||||
|
||||
{
|
||||
blink::ParsedPermissionsPolicyDeclaration declaration;
|
||||
network::ParsedPermissionsPolicyDeclaration declaration;
|
||||
declaration.feature = network::mojom::PermissionsPolicyFeature::kFullscreen;
|
||||
declaration.allowed_origins = {
|
||||
*network::OriginWithPossibleWildcards::FromOrigin(
|
||||
|
@ -53,6 +53,7 @@
|
||||
#include "content/public/browser/isolated_web_apps_policy.h"
|
||||
#include "content/public/browser/storage_partition_config.h"
|
||||
#include "content/public/common/content_features.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "third_party/blink/public/common/manifest/manifest_util.h"
|
||||
#include "url/gurl.h"
|
||||
@ -166,11 +167,11 @@ WebAppRegistrar::~WebAppRegistrar() {
|
||||
}
|
||||
}
|
||||
|
||||
blink::ParsedPermissionsPolicy WebAppRegistrar::GetPermissionsPolicy(
|
||||
network::ParsedPermissionsPolicy WebAppRegistrar::GetPermissionsPolicy(
|
||||
const webapps::AppId& app_id) const {
|
||||
auto* web_app = GetAppById(app_id);
|
||||
return web_app ? web_app->permissions_policy()
|
||||
: blink::ParsedPermissionsPolicy();
|
||||
: network::ParsedPermissionsPolicy();
|
||||
}
|
||||
|
||||
bool WebAppRegistrar::IsPlaceholderApp(
|
||||
|
@ -34,6 +34,7 @@
|
||||
#include "components/services/app_service/public/cpp/file_handler.h"
|
||||
#include "components/services/app_service/public/cpp/protocol_handler_info.h"
|
||||
#include "components/webapps/common/web_app_id.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "third_party/blink/public/mojom/installedapp/related_application.mojom.h"
|
||||
#include "third_party/skia/include/core/SkColor.h"
|
||||
@ -185,7 +186,7 @@ class WebAppRegistrar {
|
||||
// the app with |app_id|. This permissions policy is not yet parsed by the
|
||||
// PermissionsPolicyParser, and thus may contain invalid permissions and/or
|
||||
// origin allowlists.
|
||||
blink::ParsedPermissionsPolicy GetPermissionsPolicy(
|
||||
network::ParsedPermissionsPolicy GetPermissionsPolicy(
|
||||
const webapps::AppId& app_id) const;
|
||||
|
||||
// Returns true if there exists a currently installed app that has been
|
||||
|
@ -39,7 +39,6 @@
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "url/gurl.h"
|
||||
#include "url/origin.h"
|
||||
|
||||
|
@ -25,6 +25,8 @@
|
||||
#include "services/metrics/public/cpp/metrics_utils.h"
|
||||
#include "services/metrics/public/cpp/ukm_builders.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
|
||||
namespace browsing_topics {
|
||||
|
||||
@ -89,7 +91,7 @@ class BrowsingTopicsPageLoadDataTrackerTest
|
||||
simulator->SetSocketAddress(net::IPEndPoint(address, /*port=*/0));
|
||||
}
|
||||
|
||||
blink::ParsedPermissionsPolicy policy;
|
||||
network::ParsedPermissionsPolicy policy;
|
||||
|
||||
if (!browsing_topics_permissions_policy_allowed) {
|
||||
policy.emplace_back(
|
||||
|
@ -31,6 +31,7 @@ include_rules = [
|
||||
"+sql",
|
||||
"+services/network/public/cpp/is_potentially_trustworthy.h",
|
||||
"+services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h",
|
||||
"+services/network/public/cpp/permissions_policy/permissions_policy_declaration.h",
|
||||
"+third_party/blink/public/common/bluetooth/web_bluetooth_device_id.h",
|
||||
"+third_party/blink/public/common/permissions/permission_utils.h",
|
||||
"+third_party/blink/public/common/permissions_policy/permissions_policy.h",
|
||||
|
@ -22,6 +22,8 @@
|
||||
#include "content/public/test/test_browser_context.h"
|
||||
#include "content/public/test/test_renderer_host.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "third_party/blink/public/mojom/permissions/permission.mojom.h"
|
||||
@ -269,7 +271,7 @@ TEST_F(PEPCInitiatedPermissionRequestTest,
|
||||
prompt_factory()->set_response_type(
|
||||
PermissionRequestManager::AutoResponseType::ACCEPT_ALL);
|
||||
|
||||
blink::ParsedPermissionsPolicy frame_policy;
|
||||
network::ParsedPermissionsPolicy frame_policy;
|
||||
frame_policy.emplace_back(
|
||||
network::mojom::PermissionsPolicyFeature::kMicrophone,
|
||||
/*allowed_origins=*/
|
||||
@ -299,7 +301,7 @@ TEST_F(PEPCInitiatedPermissionRequestTest,
|
||||
|
||||
TEST_F(PEPCInitiatedPermissionRequestTest,
|
||||
PEPCRequestBlockedWithoutFeaturePolicy) {
|
||||
blink::ParsedPermissionsPolicy frame_policy;
|
||||
network::ParsedPermissionsPolicy frame_policy;
|
||||
frame_policy.push_back({network::mojom::PermissionsPolicyFeature::kMicrophone,
|
||||
/*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOrigin(
|
||||
|
@ -29,6 +29,7 @@
|
||||
#include "content/public/test/test_browser_context.h"
|
||||
#include "content/public/test/test_renderer_host.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/permissions/permission_utils.h"
|
||||
@ -258,7 +259,7 @@ class PermissionManagerTest : public content::RenderViewHostTestHarness {
|
||||
content::RenderFrameHost* parent,
|
||||
const GURL& origin,
|
||||
PermissionsPolicyFeature feature = PermissionsPolicyFeature::kNotFound) {
|
||||
blink::ParsedPermissionsPolicy frame_policy = {};
|
||||
network::ParsedPermissionsPolicy frame_policy = {};
|
||||
if (feature != PermissionsPolicyFeature::kNotFound) {
|
||||
frame_policy.emplace_back(
|
||||
feature,
|
||||
|
@ -31,6 +31,7 @@
|
||||
#include "content/public/test/test_renderer_host.h"
|
||||
#include "content/test/test_render_frame_host.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
|
||||
@ -52,7 +53,7 @@ constexpr const char* kGeolocationPermissionsPolicyActionHistogramName =
|
||||
"Permissions.Action.Geolocation.CrossOriginFrame."
|
||||
"TopLevelHeaderPolicy";
|
||||
|
||||
blink::ParsedPermissionsPolicy CreatePermissionsPolicy(
|
||||
network::ParsedPermissionsPolicy CreatePermissionsPolicy(
|
||||
network::mojom::PermissionsPolicyFeature feature,
|
||||
const std::vector<std::string>& origins,
|
||||
bool matches_all_origins = false) {
|
||||
@ -137,7 +138,7 @@ class PermissionsDelegationUmaUtilTest
|
||||
content::RenderFrameHost* AddChildFrameWithPermissionsPolicy(
|
||||
content::RenderFrameHost* parent,
|
||||
const char* origin,
|
||||
blink::ParsedPermissionsPolicy policy) {
|
||||
network::ParsedPermissionsPolicy policy) {
|
||||
content::RenderFrameHost* result =
|
||||
content::RenderFrameHostTester::For(parent)->AppendChildWithPolicy(
|
||||
"", policy);
|
||||
@ -150,7 +151,7 @@ class PermissionsDelegationUmaUtilTest
|
||||
// The permissions policy is invariant and required the page to be
|
||||
// refreshed
|
||||
void RefreshAndSetPermissionsPolicy(content::RenderFrameHost** rfh,
|
||||
blink::ParsedPermissionsPolicy policy) {
|
||||
network::ParsedPermissionsPolicy policy) {
|
||||
content::RenderFrameHost* current = *rfh;
|
||||
auto navigation = content::NavigationSimulator::CreateRendererInitiated(
|
||||
current->GetLastCommittedURL(), current);
|
||||
@ -770,7 +771,7 @@ TEST_P(PermissionsDelegationUmaUtilTest, TopLevelFrame) {
|
||||
base::HistogramTester histograms;
|
||||
auto* main_frame = GetMainFrameAndNavigate(kTopLevelUrl);
|
||||
auto feature = PermissionUtil::GetPermissionsPolicyFeature(type);
|
||||
blink::ParsedPermissionsPolicy top_policy;
|
||||
network::ParsedPermissionsPolicy top_policy;
|
||||
if (feature.has_value() &&
|
||||
(GetParam().matches_all_origins || !GetParam().origins.empty())) {
|
||||
top_policy = CreatePermissionsPolicy(
|
||||
@ -866,7 +867,7 @@ TEST_P(CrossFramePermissionsDelegationUmaUtilTest, CrossOriginFrame) {
|
||||
base::HistogramTester histograms;
|
||||
auto* main_frame = GetMainFrameAndNavigate(kTopLevelUrl);
|
||||
auto feature = PermissionUtil::GetPermissionsPolicyFeature(type);
|
||||
blink::ParsedPermissionsPolicy top_policy;
|
||||
network::ParsedPermissionsPolicy top_policy;
|
||||
if (feature.has_value() &&
|
||||
(GetParam().matches_all_origins || !GetParam().origins.empty())) {
|
||||
top_policy = CreatePermissionsPolicy(
|
||||
@ -881,7 +882,7 @@ TEST_P(CrossFramePermissionsDelegationUmaUtilTest, CrossOriginFrame) {
|
||||
}
|
||||
|
||||
// Add nested subframes A(B(C))
|
||||
blink::ParsedPermissionsPolicy empty_policy;
|
||||
network::ParsedPermissionsPolicy empty_policy;
|
||||
auto* child_frame = AddChildFrameWithPermissionsPolicy(
|
||||
main_frame, kCrossOriginFrameUrl,
|
||||
feature.has_value()
|
||||
|
@ -6,6 +6,7 @@ include_rules = [
|
||||
"+content/public/test",
|
||||
"+net",
|
||||
"+services/network/public/cpp/is_potentially_trustworthy.h",
|
||||
"+services/network/public/mojom/permissions_policy",
|
||||
"+third_party/blink/public/common",
|
||||
"+third_party/blink/public/mojom",
|
||||
"+third_party/webrtc",
|
||||
|
@ -37,11 +37,11 @@
|
||||
#include "mojo/public/cpp/test_support/fake_message_dispatch_context.h"
|
||||
#include "mojo/public/cpp/test_support/test_utils.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/tokens/tokens.h"
|
||||
#include "third_party/blink/public/mojom/conversions/conversions.mojom.h"
|
||||
#include "url/gurl.h"
|
||||
@ -134,9 +134,9 @@ class AttributionHostTest : public RenderViewHostTestHarness {
|
||||
fenced_frame_node->set_fenced_frame_properties(new_props);
|
||||
}
|
||||
|
||||
blink::ParsedPermissionsPolicy RestrictivePermissionsPolicy(
|
||||
network::ParsedPermissionsPolicy RestrictivePermissionsPolicy(
|
||||
const url::Origin& allowed_origin) {
|
||||
return {blink::ParsedPermissionsPolicyDeclaration(
|
||||
return {network::ParsedPermissionsPolicyDeclaration(
|
||||
network::mojom::PermissionsPolicyFeature::kAttributionReporting,
|
||||
/*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOrigin(allowed_origin)},
|
||||
|
@ -21,10 +21,10 @@
|
||||
#include "content/test/navigation_simulator_impl.h"
|
||||
#include "content/test/test_web_contents.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/attribution.mojom-shared.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "url/gurl.h"
|
||||
#include "url/origin.h"
|
||||
|
||||
@ -55,12 +55,12 @@ class AttributionSuitableContextTest : public RenderViewHostTestHarness {
|
||||
return scoped_feature_list_;
|
||||
}
|
||||
|
||||
blink::ParsedPermissionsPolicy RestrictivePermissionsPolicy(
|
||||
network::ParsedPermissionsPolicy RestrictivePermissionsPolicy(
|
||||
const GURL& allowed_url) {
|
||||
const auto origin = network::OriginWithPossibleWildcards::FromOrigin(
|
||||
url::Origin::Create(allowed_url));
|
||||
CHECK(origin.has_value());
|
||||
return {blink::ParsedPermissionsPolicyDeclaration(
|
||||
return {network::ParsedPermissionsPolicyDeclaration(
|
||||
network::mojom::PermissionsPolicyFeature::kAttributionReporting,
|
||||
/*allowed_origins=*/{origin.value()},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
|
@ -18,9 +18,11 @@
|
||||
#include "mojo/public/cpp/system/functions.h"
|
||||
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/weak_wrapper_shared_url_loader_factory.h"
|
||||
#include "services/network/public/cpp/wrapper_shared_url_loader_factory.h"
|
||||
#include "services/network/public/mojom/parsed_headers.mojom.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "services/network/test/test_url_loader_factory.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
#include "third_party/blink/public/mojom/browsing_topics/browsing_topics.mojom.h"
|
||||
@ -172,7 +174,7 @@ class BrowsingTopicsURLLoaderTest : public RenderViewHostTestHarness {
|
||||
auto simulator =
|
||||
NavigationSimulator::CreateBrowserInitiated(url, web_contents());
|
||||
|
||||
blink::ParsedPermissionsPolicy policy;
|
||||
network::ParsedPermissionsPolicy policy;
|
||||
policy.emplace_back(
|
||||
network::mojom::PermissionsPolicyFeature::kBrowsingTopics,
|
||||
/*allowed_origins=*/
|
||||
|
@ -51,6 +51,8 @@
|
||||
#include "services/network/public/cpp/client_hints.h"
|
||||
#include "services/network/public/cpp/is_potentially_trustworthy.h"
|
||||
#include "services/network/public/cpp/network_quality_tracker.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "services/network/public/mojom/web_client_hints_types.mojom-shared.h"
|
||||
#include "third_party/blink/public/common/client_hints/client_hints.h"
|
||||
#include "third_party/blink/public/common/client_hints/enabled_client_hints.h"
|
||||
@ -629,7 +631,7 @@ bool IsJavascriptEnabled(FrameTreeNode* frame_tree_node) {
|
||||
// TODO(crbug.com/40208054): Replace w/ generic HTML policy modification.
|
||||
void UpdateIFramePermissionsPolicyWithDelegationSupportForClientHints(
|
||||
ClientHintsExtendedData& data,
|
||||
const blink::ParsedPermissionsPolicy& container_policy) {
|
||||
const network::ParsedPermissionsPolicy& container_policy) {
|
||||
if (container_policy.empty()) {
|
||||
return;
|
||||
}
|
||||
@ -637,7 +639,7 @@ void UpdateIFramePermissionsPolicyWithDelegationSupportForClientHints(
|
||||
// For client hints specifically, we need to allow the container policy
|
||||
// to overwrite the parent policy so that permissions policies set in HTML
|
||||
// via an accept-ch meta tag can be respected.
|
||||
blink::ParsedPermissionsPolicy client_hints_container_policy;
|
||||
network::ParsedPermissionsPolicy client_hints_container_policy;
|
||||
for (const auto& container_policy_item : container_policy) {
|
||||
const auto& it = blink::GetPolicyFeatureToClientHintMap().find(
|
||||
container_policy_item.feature);
|
||||
@ -678,7 +680,7 @@ void UpdateNavigationRequestClientUaHeadersImpl(
|
||||
FrameTreeNode* frame_tree_node,
|
||||
ClientUaHeaderCallType call_type,
|
||||
net::HttpRequestHeaders* headers,
|
||||
const blink::ParsedPermissionsPolicy& container_policy,
|
||||
const network::ParsedPermissionsPolicy& container_policy,
|
||||
const std::optional<GURL>& request_url,
|
||||
const ClientHintsExtendedData& data) {
|
||||
std::optional<blink::UserAgentMetadata> ua_metadata;
|
||||
@ -840,7 +842,7 @@ void AddRequestClientHintsHeaders(
|
||||
ClientHintsControllerDelegate* delegate,
|
||||
bool is_ua_override_on,
|
||||
FrameTreeNode* frame_tree_node,
|
||||
const blink::ParsedPermissionsPolicy& container_policy,
|
||||
const network::ParsedPermissionsPolicy& container_policy,
|
||||
const std::optional<GURL>& request_url) {
|
||||
ClientHintsExtendedData data(origin, frame_tree_node, delegate, request_url);
|
||||
UpdateIFramePermissionsPolicyWithDelegationSupportForClientHints(
|
||||
@ -947,7 +949,7 @@ void AddNavigationRequestClientHintsHeaders(
|
||||
ClientHintsControllerDelegate* delegate,
|
||||
bool is_ua_override_on,
|
||||
FrameTreeNode* frame_tree_node,
|
||||
const blink::ParsedPermissionsPolicy& container_policy,
|
||||
const network::ParsedPermissionsPolicy& container_policy,
|
||||
const std::optional<GURL>& request_url) {
|
||||
DCHECK(frame_tree_node);
|
||||
DCHECK_CURRENTLY_ON(BrowserThread::UI);
|
||||
|
@ -11,8 +11,8 @@
|
||||
#include "content/common/content_export.h"
|
||||
#include "content/public/browser/client_hints_controller_delegate.h"
|
||||
#include "net/http/http_request_headers.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/parsed_headers.mojom-forward.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "url/gurl.h"
|
||||
|
||||
namespace net {
|
||||
@ -90,7 +90,7 @@ CONTENT_EXPORT void AddNavigationRequestClientHintsHeaders(
|
||||
ClientHintsControllerDelegate* delegate,
|
||||
bool is_ua_override_on,
|
||||
FrameTreeNode*,
|
||||
const blink::ParsedPermissionsPolicy&,
|
||||
const network::ParsedPermissionsPolicy&,
|
||||
const std::optional<GURL>& request_url = std::nullopt);
|
||||
|
||||
// Adds client hints headers for a prefetch navigation that is not associated
|
||||
|
@ -26,10 +26,10 @@
|
||||
#include "services/device/public/cpp/test/scoped_pressure_manager_overrider.h"
|
||||
#include "services/device/public/mojom/pressure_manager.mojom.h"
|
||||
#include "services/device/public/mojom/pressure_update.mojom.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/compute_pressure/web_pressure_manager.mojom.h"
|
||||
#include "url/gurl.h"
|
||||
|
||||
@ -283,7 +283,7 @@ TEST_F(PressureServiceForFrameTest, PermissionsPolicyBlock) {
|
||||
// made once on page load, so we refresh the page to simulate that.
|
||||
RenderFrameHost* rfh =
|
||||
static_cast<RenderFrameHost*>(contents()->GetPrimaryMainFrame());
|
||||
blink::ParsedPermissionsPolicy permissions_policy(1);
|
||||
network::ParsedPermissionsPolicy permissions_policy(1);
|
||||
permissions_policy[0].feature =
|
||||
network::mojom::PermissionsPolicyFeature::kComputePressure;
|
||||
auto navigation_simulator = NavigationSimulator::CreateRendererInitiated(
|
||||
|
@ -28,10 +28,10 @@
|
||||
#include "services/device/public/mojom/pressure_manager.mojom.h"
|
||||
#include "services/device/public/mojom/pressure_update.mojom.h"
|
||||
#include "services/metrics/public/cpp/ukm_source_id.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/tokens/tokens.h"
|
||||
#include "third_party/blink/public/mojom/compute_pressure/web_pressure_manager.mojom.h"
|
||||
#include "url/gurl.h"
|
||||
@ -222,7 +222,7 @@ TEST_F(PressureServiceForDedicatedWorkerTest,
|
||||
TEST_F(PressureServiceForDedicatedWorkerTest, PermissionsPolicyBlock) {
|
||||
// Make compute pressure blocked by permissions policy and it can only be
|
||||
// made once on page load, so we refresh the page to simulate that.
|
||||
blink::ParsedPermissionsPolicy permissions_policy(1);
|
||||
network::ParsedPermissionsPolicy permissions_policy(1);
|
||||
permissions_policy[0].feature =
|
||||
network::mojom::PermissionsPolicyFeature::kComputePressure;
|
||||
auto navigation_simulator =
|
||||
@ -344,7 +344,7 @@ TEST_F(PressureServiceForSharedWorkerTest, WebContentPressureManagerProxyTest) {
|
||||
TEST_F(PressureServiceForSharedWorkerTest, PermissionsPolicyBlock) {
|
||||
// Make compute pressure blocked by permissions policy and it can only be
|
||||
// made once on page load, so we refresh the page to simulate that.
|
||||
blink::ParsedPermissionsPolicy permissions_policy(1);
|
||||
network::ParsedPermissionsPolicy permissions_policy(1);
|
||||
permissions_policy[0].feature =
|
||||
network::mojom::PermissionsPolicyFeature::kComputePressure;
|
||||
auto navigation_simulator =
|
||||
@ -364,7 +364,7 @@ TEST_F(PressureServiceForSharedWorkerTest,
|
||||
|
||||
auto web_contents = TestWebContents::Create(browser_context(), nullptr);
|
||||
auto* rfh = web_contents->GetPrimaryMainFrame();
|
||||
blink::ParsedPermissionsPolicy permissions_policy(1);
|
||||
network::ParsedPermissionsPolicy permissions_policy(1);
|
||||
permissions_policy[0].feature =
|
||||
network::mojom::PermissionsPolicyFeature::kComputePressure;
|
||||
auto navigation_simulator =
|
||||
|
@ -41,14 +41,15 @@
|
||||
#include "net/test/embedded_test_server/embedded_test_server.h"
|
||||
#include "net/traffic_annotation/network_traffic_annotation.h"
|
||||
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/clear_data_filter.mojom.h"
|
||||
#include "services/network/public/mojom/host_resolver.mojom.h"
|
||||
#include "services/network/public/mojom/network_context.mojom.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "services/network/public/mojom/tcp_socket.mojom.h"
|
||||
#include "testing/gmock/include/gmock/gmock-matchers.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "url/gurl.h"
|
||||
|
||||
#if BUILDFLAG(IS_CHROMEOS)
|
||||
@ -743,11 +744,11 @@ class NoCoiPermissionIsolatedWebAppContentBrowserClient
|
||||
const url::Origin& isolated_app_origin)
|
||||
: IsolatedWebAppContentBrowserClient(isolated_app_origin) {}
|
||||
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
GetPermissionsPolicyForIsolatedWebApp(
|
||||
WebContents* web_contents,
|
||||
const url::Origin& app_origin) override {
|
||||
return {{blink::ParsedPermissionsPolicyDeclaration(
|
||||
return {{network::ParsedPermissionsPolicyDeclaration(
|
||||
network::mojom::PermissionsPolicyFeature::kDirectSockets,
|
||||
/*allowed_origins=*/{},
|
||||
/*self_if_matches=*/app_origin,
|
||||
|
@ -14,9 +14,9 @@
|
||||
#include "content/public/test/browser_test_utils.h"
|
||||
#include "content/public/test/web_contents_tester.h"
|
||||
#include "net/dns/host_resolver.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/clear_data_filter.mojom.h"
|
||||
#include "services/network/public/mojom/udp_socket.mojom.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "url/origin.h"
|
||||
|
||||
namespace content::test {
|
||||
@ -170,23 +170,23 @@ bool IsolatedWebAppContentBrowserClient::ShouldUrlUseApplicationIsolationLevel(
|
||||
return isolated_app_origin_ == url::Origin::Create(url);
|
||||
}
|
||||
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
IsolatedWebAppContentBrowserClient::GetPermissionsPolicyForIsolatedWebApp(
|
||||
WebContents* web_contents,
|
||||
const url::Origin& app_origin) {
|
||||
blink::ParsedPermissionsPolicyDeclaration coi_decl(
|
||||
network::ParsedPermissionsPolicyDeclaration coi_decl(
|
||||
network::mojom::PermissionsPolicyFeature::kCrossOriginIsolated,
|
||||
/*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true, /*matches_opaque_src=*/false);
|
||||
|
||||
blink::ParsedPermissionsPolicyDeclaration sockets_decl(
|
||||
network::ParsedPermissionsPolicyDeclaration sockets_decl(
|
||||
network::mojom::PermissionsPolicyFeature::kDirectSockets,
|
||||
/*allowed_origins=*/{},
|
||||
/*self_if_matches=*/app_origin,
|
||||
/*matches_all_origins=*/false, /*matches_opaque_src=*/false);
|
||||
|
||||
blink::ParsedPermissionsPolicyDeclaration sockets_pna_decl(
|
||||
network::ParsedPermissionsPolicyDeclaration sockets_pna_decl(
|
||||
network::mojom::PermissionsPolicyFeature::kDirectSocketsPrivate,
|
||||
/*allowed_origins=*/{},
|
||||
/*self_if_matches=*/app_origin,
|
||||
|
@ -23,6 +23,7 @@
|
||||
#include "mojo/public/cpp/bindings/pending_receiver.h"
|
||||
#include "mojo/public/cpp/bindings/receiver.h"
|
||||
#include "mojo/public/cpp/bindings/remote.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/test/test_network_context_with_host_resolver.h"
|
||||
#include "services/network/test/test_restricted_udp_socket.h"
|
||||
#include "services/network/test/test_udp_socket.h"
|
||||
@ -181,7 +182,7 @@ class IsolatedWebAppContentBrowserClient
|
||||
bool ShouldUrlUseApplicationIsolationLevel(BrowserContext* browser_context,
|
||||
const GURL& url) override;
|
||||
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
GetPermissionsPolicyForIsolatedWebApp(WebContents* web_contents,
|
||||
const url::Origin& app_origin) override;
|
||||
|
||||
|
@ -10,10 +10,10 @@
|
||||
#include "base/strings/string_util.h"
|
||||
#include "base/uuid.h"
|
||||
#include "content/browser/fenced_frame/fenced_frame_reporter.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/frame/fenced_frame_permissions_policies.h"
|
||||
#include "third_party/blink/public/common/interest_group/ad_auction_constants.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
|
||||
namespace content {
|
||||
|
||||
@ -362,7 +362,7 @@ void FencedFrameProperties::UpdateParentParsedPermissionsPolicy(
|
||||
// loaded through any other means, the vector remains empty.
|
||||
CHECK_EQ(effective_enabled_permissions_.size(), 0u);
|
||||
CHECK(parent_policy);
|
||||
std::vector<blink::ParsedPermissionsPolicyDeclaration> parsed_policies;
|
||||
std::vector<network::ParsedPermissionsPolicyDeclaration> parsed_policies;
|
||||
for (auto feature : blink::kFencedFrameAllowedFeatures) {
|
||||
const blink::PermissionsPolicy::Allowlist allow_list =
|
||||
parent_policy->GetAllowlistForFeature(feature);
|
||||
|
@ -25,6 +25,7 @@
|
||||
#include "services/device/public/mojom/geolocation_context.mojom.h"
|
||||
#include "services/device/public/mojom/geoposition.mojom.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/permissions/permission_utils.h"
|
||||
@ -106,7 +107,7 @@ class GeolocationServiceTest : public RenderViewHostImplTestHarness {
|
||||
void CreateEmbeddedFrameAndGeolocationService(
|
||||
bool allow_via_permissions_policy) {
|
||||
const GURL kEmbeddedUrl("https://embeddables.com/someframe");
|
||||
blink::ParsedPermissionsPolicy frame_policy = {};
|
||||
network::ParsedPermissionsPolicy frame_policy = {};
|
||||
if (allow_via_permissions_policy) {
|
||||
frame_policy.push_back(
|
||||
{network::mojom::PermissionsPolicyFeature::kGeolocation,
|
||||
|
@ -28,7 +28,9 @@
|
||||
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
|
||||
#include "services/data_decoder/public/cpp/test_support/in_process_data_decoder.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/resource_request.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "url/gurl.h"
|
||||
@ -70,8 +72,8 @@ class InterceptingContentBrowserClient : public ContentBrowserClient {
|
||||
bool interest_group_allowed_by_settings_ = false;
|
||||
};
|
||||
|
||||
blink::ParsedPermissionsPolicy CreatePermissivePolicy() {
|
||||
blink::ParsedPermissionsPolicy policy;
|
||||
network::ParsedPermissionsPolicy CreatePermissivePolicy() {
|
||||
network::ParsedPermissionsPolicy policy;
|
||||
policy.emplace_back(
|
||||
network::mojom::PermissionsPolicyFeature::kRunAdAuction,
|
||||
/*allowed_origins=*/
|
||||
@ -85,8 +87,8 @@ blink::ParsedPermissionsPolicy CreatePermissivePolicy() {
|
||||
return policy;
|
||||
}
|
||||
|
||||
blink::ParsedPermissionsPolicy CreateRestrictivePolicy() {
|
||||
blink::ParsedPermissionsPolicy policy;
|
||||
network::ParsedPermissionsPolicy CreateRestrictivePolicy() {
|
||||
network::ParsedPermissionsPolicy policy;
|
||||
policy.emplace_back(
|
||||
network::mojom::PermissionsPolicyFeature::kRunAdAuction,
|
||||
/*allowed_origins=*/std::vector<network::OriginWithPossibleWildcards>(),
|
||||
|
@ -92,6 +92,8 @@
|
||||
#include "services/data_decoder/public/cpp/test_support/in_process_data_decoder.h"
|
||||
#include "services/network/network_service.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
@ -9799,7 +9801,7 @@ function reportResult() {
|
||||
// seller origin C should fail.
|
||||
auto simulator =
|
||||
NavigationSimulator::CreateBrowserInitiated(kUrlA, web_contents());
|
||||
blink::ParsedPermissionsPolicy policy;
|
||||
network::ParsedPermissionsPolicy policy;
|
||||
policy.emplace_back(
|
||||
network::mojom::PermissionsPolicyFeature::kSharedStorage,
|
||||
/*allowed_origins=*/
|
||||
@ -10000,7 +10002,7 @@ function scoreAd(
|
||||
{
|
||||
auto simulator =
|
||||
NavigationSimulator::CreateBrowserInitiated(kUrlA, web_contents());
|
||||
blink::ParsedPermissionsPolicy policy;
|
||||
network::ParsedPermissionsPolicy policy;
|
||||
policy.emplace_back(
|
||||
network::mojom::PermissionsPolicyFeature::kPrivateAggregation,
|
||||
/*allowed_origins=*/
|
||||
@ -10026,7 +10028,7 @@ function scoreAd(
|
||||
{
|
||||
auto simulator =
|
||||
NavigationSimulator::CreateBrowserInitiated(kUrlA, web_contents());
|
||||
blink::ParsedPermissionsPolicy policy;
|
||||
network::ParsedPermissionsPolicy policy;
|
||||
policy.emplace_back(
|
||||
network::mojom::PermissionsPolicyFeature::kPrivateAggregation,
|
||||
/*allowed_origins=*/
|
||||
@ -10087,7 +10089,7 @@ function scoreAd(
|
||||
{
|
||||
auto simulator =
|
||||
NavigationSimulator::CreateBrowserInitiated(kUrlA, web_contents());
|
||||
blink::ParsedPermissionsPolicy policy;
|
||||
network::ParsedPermissionsPolicy policy;
|
||||
policy.emplace_back(
|
||||
network::mojom::PermissionsPolicyFeature::kPrivateAggregation,
|
||||
/*allowed_origins=*/
|
||||
@ -10113,7 +10115,7 @@ function scoreAd(
|
||||
{
|
||||
auto simulator =
|
||||
NavigationSimulator::CreateBrowserInitiated(kUrlA, web_contents());
|
||||
blink::ParsedPermissionsPolicy policy;
|
||||
network::ParsedPermissionsPolicy policy;
|
||||
policy.emplace_back(
|
||||
network::mojom::PermissionsPolicyFeature::kPrivateAggregation,
|
||||
/*allowed_origins=*/
|
||||
|
@ -25,10 +25,12 @@
|
||||
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
|
||||
#include "services/data_decoder/public/cpp/test_support/in_process_data_decoder.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/weak_wrapper_shared_url_loader_factory.h"
|
||||
#include "services/network/public/cpp/wrapper_shared_url_loader_factory.h"
|
||||
#include "services/network/public/mojom/early_hints.mojom.h"
|
||||
#include "services/network/public/mojom/parsed_headers.mojom.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "services/network/test/test_url_loader_factory.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
|
||||
@ -240,7 +242,7 @@ class AdAuctionURLLoaderInterceptorTest : public RenderViewHostTestHarness {
|
||||
auto simulator =
|
||||
NavigationSimulator::CreateBrowserInitiated(url, web_contents());
|
||||
|
||||
blink::ParsedPermissionsPolicy policy;
|
||||
network::ParsedPermissionsPolicy policy;
|
||||
policy.emplace_back(
|
||||
network::mojom::PermissionsPolicyFeature::kRunAdAuction,
|
||||
/*allowed_origins=*/
|
||||
|
@ -18,6 +18,8 @@
|
||||
#include "content/public/test/test_renderer_host.h"
|
||||
#include "content/public/test/web_contents_tester.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/permissions/permission_utils.h"
|
||||
@ -564,7 +566,7 @@ class PermissionControllerImplWithDelegateTest
|
||||
const GURL& origin,
|
||||
network::mojom::PermissionsPolicyFeature feature =
|
||||
network::mojom::PermissionsPolicyFeature::kNotFound) {
|
||||
blink::ParsedPermissionsPolicy frame_policy = {};
|
||||
network::ParsedPermissionsPolicy frame_policy = {};
|
||||
if (feature != network::mojom::PermissionsPolicyFeature::kNotFound) {
|
||||
frame_policy.emplace_back(
|
||||
feature,
|
||||
|
@ -10,6 +10,7 @@
|
||||
#include "content/browser/renderer_host/render_view_host_impl.h"
|
||||
#include "content/browser/site_instance_impl.h"
|
||||
#include "content/common/content_navigation_policy.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/web_sandbox_flags.h"
|
||||
#include "services/network/public/mojom/web_sandbox_flags.mojom.h"
|
||||
|
||||
@ -175,7 +176,7 @@ size_t BrowsingContextState::GetProxyCount() {
|
||||
|
||||
bool BrowsingContextState::UpdateFramePolicyHeaders(
|
||||
network::mojom::WebSandboxFlags sandbox_flags,
|
||||
const blink::ParsedPermissionsPolicy& parsed_header) {
|
||||
const network::ParsedPermissionsPolicy& parsed_header) {
|
||||
bool changed = false;
|
||||
if (replication_state_->permissions_policy_header != parsed_header) {
|
||||
replication_state_->permissions_policy_header = parsed_header;
|
||||
|
@ -14,6 +14,7 @@
|
||||
#include "content/browser/security/coop/coop_related_group.h"
|
||||
#include "content/browser/site_instance_group.h"
|
||||
#include "content/public/browser/browsing_instance_id.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/frame/frame_replication_state.mojom-forward.h"
|
||||
#include "third_party/perfetto/include/perfetto/tracing/traced_value_forward.h"
|
||||
|
||||
@ -218,7 +219,7 @@ class CONTENT_EXPORT BrowsingContextState
|
||||
// or permissions policy.
|
||||
bool UpdateFramePolicyHeaders(
|
||||
network::mojom::WebSandboxFlags sandbox_flags,
|
||||
const blink::ParsedPermissionsPolicy& parsed_header);
|
||||
const network::ParsedPermissionsPolicy& parsed_header);
|
||||
|
||||
// Notify all of the proxies about the updated FramePolicy, excluding the
|
||||
// parent, as it will already know.
|
||||
|
@ -23,9 +23,9 @@
|
||||
#include "content/test/navigation_simulator_impl.h"
|
||||
#include "content/test/test_render_frame_host.h"
|
||||
#include "net/base/net_errors.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "ui/base/page_transition_types.h"
|
||||
#include "url/origin.h"
|
||||
|
||||
@ -97,11 +97,11 @@ class IsolatedWebAppContentBrowserClient : public ContentBrowserClient {
|
||||
|
||||
bool AreIsolatedWebAppsEnabled(BrowserContext*) override { return true; }
|
||||
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
GetPermissionsPolicyForIsolatedWebApp(
|
||||
WebContents* web_contents,
|
||||
const url::Origin& app_origin) override {
|
||||
return {{blink::ParsedPermissionsPolicyDeclaration(
|
||||
return {{network::ParsedPermissionsPolicyDeclaration(
|
||||
network::mojom::PermissionsPolicyFeature::kCrossOriginIsolated,
|
||||
/*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
|
@ -161,12 +161,14 @@
|
||||
#include "services/network/public/cpp/features.h"
|
||||
#include "services/network/public/cpp/header_util.h"
|
||||
#include "services/network/public/cpp/is_potentially_trustworthy.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/resource_request_body.h"
|
||||
#include "services/network/public/cpp/supports_loading_mode/supports_loading_mode_parser.h"
|
||||
#include "services/network/public/cpp/url_loader_completion_status.h"
|
||||
#include "services/network/public/cpp/web_sandbox_flags.h"
|
||||
#include "services/network/public/mojom/device_bound_sessions.mojom.h"
|
||||
#include "services/network/public/mojom/fetch_api.mojom.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "services/network/public/mojom/supports_loading_mode.mojom.h"
|
||||
#include "services/network/public/mojom/url_response_head.mojom-forward.h"
|
||||
#include "services/network/public/mojom/url_response_head.mojom-shared.h"
|
||||
@ -189,7 +191,6 @@
|
||||
#include "third_party/blink/public/common/navigation/navigation_policy.h"
|
||||
#include "third_party/blink/public/common/origin_trials/trial_token_validator.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/document_policy.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_features.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/policy_helper_public.h"
|
||||
#include "third_party/blink/public/common/renderer_preferences/renderer_preferences.h"
|
||||
@ -9565,11 +9566,11 @@ bool NavigationRequest::IsFencedFrameRequiredPolicyFeatureAllowed(
|
||||
// explicitly enabled for `origin`, or the policy must by default
|
||||
// be enabled for all origins. Note: because the policies have not been
|
||||
// read into a RenderFrameHost's permissions_policy_ yet, we need to check
|
||||
// the ParsedPermissionsPolicyDeclaration object directly.
|
||||
// the network::ParsedPermissionsPolicyDeclaration object directly.
|
||||
auto policy_iter = std::find_if(
|
||||
commit_params_->frame_policy.container_policy.begin(),
|
||||
commit_params_->frame_policy.container_policy.end(),
|
||||
[feature](const blink::ParsedPermissionsPolicyDeclaration& d) {
|
||||
[feature](const network::ParsedPermissionsPolicyDeclaration& d) {
|
||||
return d.feature == feature;
|
||||
});
|
||||
if (policy_iter == commit_params_->frame_policy.container_policy.end()) {
|
||||
|
@ -16,6 +16,7 @@
|
||||
#include "content/public/browser/cookie_access_details.h"
|
||||
#include "content/public/browser/trust_token_access_details.h"
|
||||
#include "ipc/ipc_message.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/frame/fullscreen.mojom.h"
|
||||
#include "third_party/blink/public/mojom/frame/text_autosizer_page_info.mojom.h"
|
||||
#include "third_party/blink/public/mojom/mediastream/media_stream.mojom-shared.h"
|
||||
@ -201,10 +202,10 @@ bool RenderFrameHostDelegate::ShouldIgnoreUnresponsiveRenderer() {
|
||||
return false;
|
||||
}
|
||||
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
RenderFrameHostDelegate::GetPermissionsPolicyForIsolatedWebApp(
|
||||
RenderFrameHostImpl* source) {
|
||||
return blink::ParsedPermissionsPolicy();
|
||||
return network::ParsedPermissionsPolicy();
|
||||
}
|
||||
|
||||
bool RenderFrameHostDelegate::IsPopup() const {
|
||||
|
@ -39,6 +39,7 @@
|
||||
#include "services/device/public/mojom/geolocation_context.mojom.h"
|
||||
#include "services/device/public/mojom/wake_lock.mojom.h"
|
||||
#include "services/metrics/public/cpp/ukm_source_id.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/mediastream/media_stream_request.h"
|
||||
#include "third_party/blink/public/mojom/choosers/popup_menu.mojom.h"
|
||||
#include "third_party/blink/public/mojom/devtools/console_message.mojom.h"
|
||||
@ -738,7 +739,7 @@ class CONTENT_EXPORT RenderFrameHostDelegate {
|
||||
// Returns the base permissions policy that should be applied to the Isolated
|
||||
// Web App running in the given RenderFrameHostImpl. If std::nullopt is
|
||||
// returned the default non-isolated permissions policy will be applied.
|
||||
virtual std::optional<blink::ParsedPermissionsPolicy>
|
||||
virtual std::optional<network::ParsedPermissionsPolicy>
|
||||
GetPermissionsPolicyForIsolatedWebApp(RenderFrameHostImpl* source);
|
||||
|
||||
// Updates the draggable regions defined by the app-region CSS property.
|
||||
|
@ -238,8 +238,10 @@
|
||||
#include "services/network/public/cpp/is_potentially_trustworthy.h"
|
||||
#include "services/network/public/cpp/network_service_buildflags.h"
|
||||
#include "services/network/public/cpp/not_implemented_url_loader_factory.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/simple_url_loader.h"
|
||||
#include "services/network/public/cpp/web_sandbox_flags.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "services/network/public/mojom/url_loader_factory.mojom.h"
|
||||
#include "services/network/public/mojom/web_sandbox_flags.mojom-shared.h"
|
||||
#include "services/service_manager/public/cpp/interface_provider.h"
|
||||
@ -659,7 +661,7 @@ DetermineWhetherToForbidTrustTokenOperation(
|
||||
// permissions from their parent's permissions policy.
|
||||
const blink::PermissionsPolicy* parent_policy =
|
||||
frame->GetParentOrOuterDocument()->GetPermissionsPolicy();
|
||||
blink::ParsedPermissionsPolicy container_policy =
|
||||
network::ParsedPermissionsPolicy container_policy =
|
||||
commit_params.frame_policy.container_policy;
|
||||
subframe_policy = blink::PermissionsPolicy::CreateFlexibleForFencedFrame(
|
||||
parent_policy, /*header_policy=*/{}, container_policy,
|
||||
@ -684,7 +686,7 @@ DetermineWhetherToForbidTrustTokenOperation(
|
||||
|
||||
const blink::PermissionsPolicy* parent_policy =
|
||||
frame->GetParent()->GetPermissionsPolicy();
|
||||
blink::ParsedPermissionsPolicy container_policy =
|
||||
network::ParsedPermissionsPolicy container_policy =
|
||||
commit_params.frame_policy.container_policy;
|
||||
|
||||
subframe_policy = blink::PermissionsPolicy::CreateFromParentPolicy(
|
||||
@ -7641,7 +7643,7 @@ const blink::PermissionsPolicy* RenderFrameHostImpl::GetPermissionsPolicy() {
|
||||
return permissions_policy_.get();
|
||||
}
|
||||
|
||||
const blink::ParsedPermissionsPolicy&
|
||||
const network::ParsedPermissionsPolicy&
|
||||
RenderFrameHostImpl::GetPermissionsPolicyHeader() {
|
||||
return permissions_policy_header_;
|
||||
}
|
||||
@ -12378,7 +12380,7 @@ void RenderFrameHostImpl::CommitNavigation(
|
||||
|
||||
auto isolation_info = GetSiteInstance()->GetWebExposedIsolationInfo();
|
||||
|
||||
std::optional<blink::ParsedPermissionsPolicy> manifest_policy;
|
||||
std::optional<network::ParsedPermissionsPolicy> manifest_policy;
|
||||
if (IsOutermostMainFrame() && isolation_info.is_isolated_application()) {
|
||||
if (auto isolated_web_app_permissions_policy =
|
||||
delegate_->GetPermissionsPolicyForIsolatedWebApp(this)) {
|
||||
@ -13528,7 +13530,7 @@ void RenderFrameHostImpl::CreateWebUsbService(
|
||||
}
|
||||
|
||||
void RenderFrameHostImpl::ResetPermissionsPolicy(
|
||||
const blink::ParsedPermissionsPolicy& header_policy) {
|
||||
const network::ParsedPermissionsPolicy& header_policy) {
|
||||
if (IsFencedFrameRoot()) {
|
||||
const std::optional<FencedFrameProperties>& fenced_frame_properties =
|
||||
frame_tree_node()->GetFencedFrameProperties();
|
||||
@ -13544,7 +13546,7 @@ void RenderFrameHostImpl::ResetPermissionsPolicy(
|
||||
// permissions from their parent's permissions policy.
|
||||
const blink::PermissionsPolicy* parent_policy =
|
||||
GetParentOrOuterDocument()->GetPermissionsPolicy();
|
||||
blink::ParsedPermissionsPolicy container_policy =
|
||||
network::ParsedPermissionsPolicy container_policy =
|
||||
browsing_context_state_->effective_frame_policy().container_policy;
|
||||
permissions_policy_ =
|
||||
blink::PermissionsPolicy::CreateFlexibleForFencedFrame(
|
||||
@ -13583,7 +13585,7 @@ void RenderFrameHostImpl::ResetPermissionsPolicy(
|
||||
RenderFrameHostImpl* parent_frame_host = GetParent();
|
||||
const blink::PermissionsPolicy* parent_policy =
|
||||
parent_frame_host ? parent_frame_host->GetPermissionsPolicy() : nullptr;
|
||||
blink::ParsedPermissionsPolicy container_policy =
|
||||
network::ParsedPermissionsPolicy container_policy =
|
||||
browsing_context_state_->effective_frame_policy().container_policy;
|
||||
|
||||
permissions_policy_ = blink::PermissionsPolicy::CreateFromParentPolicy(
|
||||
@ -15757,7 +15759,7 @@ void RenderFrameHostImpl::SendCommitNavigation(
|
||||
keep_alive_loader_factory,
|
||||
mojo::PendingAssociatedRemote<blink::mojom::FetchLaterLoaderFactory>
|
||||
fetch_later_loader_factory,
|
||||
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
|
||||
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
|
||||
blink::mojom::PolicyContainerPtr policy_container,
|
||||
const blink::DocumentToken& document_token,
|
||||
const base::UnguessableToken& devtools_navigation_token) {
|
||||
|
@ -118,6 +118,7 @@
|
||||
#include "services/metrics/public/cpp/ukm_source_id.h"
|
||||
#include "services/network/public/cpp/cross_origin_embedder_policy.h"
|
||||
#include "services/network/public/cpp/cross_origin_opener_policy.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/cookie_access_observer.mojom.h"
|
||||
#include "services/network/public/mojom/fetch_api.mojom-forward.h"
|
||||
#include "services/network/public/mojom/mdns_responder.mojom.h"
|
||||
@ -130,7 +131,6 @@
|
||||
#include "third_party/blink/public/common/frame/history_user_activation_state.h"
|
||||
#include "third_party/blink/public/common/frame/user_activation_state.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/scheduler/web_scheduler_tracked_feature.h"
|
||||
#include "third_party/blink/public/common/storage_key/storage_key.h"
|
||||
#include "third_party/blink/public/common/tokens/tokens.h"
|
||||
@ -543,7 +543,7 @@ class CONTENT_EXPORT RenderFrameHostImpl
|
||||
bool IsFeatureEnabled(
|
||||
network::mojom::PermissionsPolicyFeature feature) override;
|
||||
const blink::PermissionsPolicy* GetPermissionsPolicy() override;
|
||||
const blink::ParsedPermissionsPolicy& GetPermissionsPolicyHeader() override;
|
||||
const network::ParsedPermissionsPolicy& GetPermissionsPolicyHeader() override;
|
||||
void ViewSource() override;
|
||||
void ExecuteMediaPlayerActionAtLocation(
|
||||
const gfx::Point&,
|
||||
@ -3272,7 +3272,7 @@ class CONTENT_EXPORT RenderFrameHostImpl
|
||||
keep_alive_loader_factory,
|
||||
mojo::PendingAssociatedRemote<blink::mojom::FetchLaterLoaderFactory>
|
||||
fetch_later_loader_factory,
|
||||
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
|
||||
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
|
||||
blink::mojom::PolicyContainerPtr policy_container,
|
||||
const blink::DocumentToken& document_token,
|
||||
const base::UnguessableToken& devtools_navigation_token);
|
||||
@ -3852,7 +3852,7 @@ class CONTENT_EXPORT RenderFrameHostImpl
|
||||
// Clears any existing policy and constructs a new policy for this frame,
|
||||
// based on its parent frame and the parsed `header_policy`.
|
||||
void ResetPermissionsPolicy(
|
||||
const blink::ParsedPermissionsPolicy& header_policy);
|
||||
const network::ParsedPermissionsPolicy& header_policy);
|
||||
|
||||
// Runs |callback| for all the local roots immediately under this frame, i.e.
|
||||
// local roots which are under this frame and their first ancestor which is a
|
||||
@ -4906,7 +4906,7 @@ class CONTENT_EXPORT RenderFrameHostImpl
|
||||
// Parsed permissions policy header. It is parsed from blink, received during
|
||||
// DidCommitProvisionalLoad. This is constant during the whole lifetime of
|
||||
// this document.
|
||||
blink::ParsedPermissionsPolicy permissions_policy_header_;
|
||||
network::ParsedPermissionsPolicy permissions_policy_header_;
|
||||
|
||||
// Tracks the permissions policy which has been set on this frame.
|
||||
std::unique_ptr<blink::PermissionsPolicy> permissions_policy_;
|
||||
|
@ -83,6 +83,7 @@
|
||||
#include "content/public/common/url_utils.h"
|
||||
#include "net/base/url_util.h"
|
||||
#include "services/network/public/cpp/features.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/chrome_debug_urls.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "third_party/blink/public/common/tokens/tokens.h"
|
||||
@ -633,7 +634,7 @@ void RenderFrameHostManager::InitRoot(
|
||||
scoped_refptr<BrowsingContextState> browsing_context_state =
|
||||
base::MakeRefCounted<BrowsingContextState>(
|
||||
blink::mojom::FrameReplicationState::New(
|
||||
url::Origin(), name, "", blink::ParsedPermissionsPolicy(),
|
||||
url::Origin(), name, "", network::ParsedPermissionsPolicy(),
|
||||
network::mojom::WebSandboxFlags::kNone, initial_main_frame_policy,
|
||||
// should enforce strict mixed content checking
|
||||
blink::mojom::InsecureRequestPolicy::kLeaveInsecureRequestsAlone,
|
||||
@ -685,7 +686,7 @@ void RenderFrameHostManager::InitChild(
|
||||
base::MakeRefCounted<BrowsingContextState>(
|
||||
blink::mojom::FrameReplicationState::New(
|
||||
url::Origin(), frame_name, frame_unique_name,
|
||||
blink::ParsedPermissionsPolicy(),
|
||||
network::ParsedPermissionsPolicy(),
|
||||
network::mojom::WebSandboxFlags::kNone, frame_policy,
|
||||
// should enforce strict mixed content checking
|
||||
blink::mojom::InsecureRequestPolicy::kLeaveInsecureRequestsAlone,
|
||||
|
@ -11,6 +11,8 @@
|
||||
#include "content/public/test/test_renderer_host.h"
|
||||
#include "content/test/test_render_frame_host.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "third_party/blink/public/common/frame/frame_policy.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "third_party/blink/public/mojom/frame/deferred_fetch_policy.mojom-shared.h"
|
||||
@ -102,10 +104,10 @@ class RenderFrameHostPermissionsPolicyTest
|
||||
}
|
||||
|
||||
private:
|
||||
blink::ParsedPermissionsPolicy CreateFPHeader(
|
||||
network::ParsedPermissionsPolicy CreateFPHeader(
|
||||
network::mojom::PermissionsPolicyFeature feature,
|
||||
const std::vector<std::string>& origins) {
|
||||
blink::ParsedPermissionsPolicy result(1);
|
||||
network::ParsedPermissionsPolicy result(1);
|
||||
result[0].feature = feature;
|
||||
for (auto const& origin : origins) {
|
||||
result[0].allowed_origins.emplace_back(
|
||||
|
@ -48,9 +48,9 @@
|
||||
#include "net/base/test_completion_callback.h"
|
||||
#include "net/http/http_response_info.h"
|
||||
#include "net/http/http_util.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/loader/throttling_url_loader.h"
|
||||
#include "third_party/blink/public/common/navigation/navigation_params.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/storage_key/storage_key.h"
|
||||
#include "third_party/blink/public/mojom/back_forward_cache_not_restored_reasons.mojom.h"
|
||||
#include "third_party/blink/public/mojom/loader/referrer.mojom.h"
|
||||
@ -109,7 +109,7 @@ class FakeNavigationClient : public mojom::NavigationClient {
|
||||
const blink::DocumentToken& document_token,
|
||||
const base::UnguessableToken& devtools_navigation_token,
|
||||
const base::Uuid& base_auction_nonce,
|
||||
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
|
||||
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
|
||||
blink::mojom::PolicyContainerPtr policy_container,
|
||||
mojo::PendingRemote<blink::mojom::CodeCacheHost> code_cache_host,
|
||||
mojo::PendingRemote<blink::mojom::CodeCacheHost>
|
||||
@ -298,7 +298,7 @@ CommittedServiceWorkerClient::CommittedServiceWorkerClient(
|
||||
/*document_token=*/blink::DocumentToken(),
|
||||
/*devtools_navigation_token=*/base::UnguessableToken::Create(),
|
||||
/*base_auction_nonce=*/base::Uuid::GenerateRandomV4(),
|
||||
std::vector<blink::ParsedPermissionsPolicyDeclaration>(),
|
||||
std::vector<network::ParsedPermissionsPolicyDeclaration>(),
|
||||
CreateStubPolicyContainer(), /*code_cache_host=*/mojo::NullRemote(),
|
||||
/*code_cache_host_for_background=*/mojo::NullRemote(),
|
||||
/*cookie_manager_info=*/nullptr,
|
||||
|
@ -29,14 +29,15 @@
|
||||
#include "content/public/test/test_shared_storage_header_observer.h"
|
||||
#include "content/test/test_web_contents.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/shared_storage_utils.h"
|
||||
#include "services/network/public/mojom/optional_bool.mojom.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "services/network/public/mojom/url_loader_network_service_observer.mojom.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
#include "testing/gtest/include/gtest/gtest-param-test.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "url/gurl.h"
|
||||
#include "url/origin.h"
|
||||
|
||||
@ -74,18 +75,18 @@ enum class TestCaseType {
|
||||
|
||||
using OperationAndResult = SharedStorageWriteOperationAndResult;
|
||||
|
||||
[[nodiscard]] blink::ParsedPermissionsPolicy MakeSharedStoragePermissionsPolicy(
|
||||
const url::Origin& request_origin,
|
||||
bool shared_storage_enabled_for_request,
|
||||
bool shared_storage_enabled_for_all) {
|
||||
[[nodiscard]] network::ParsedPermissionsPolicy
|
||||
MakeSharedStoragePermissionsPolicy(const url::Origin& request_origin,
|
||||
bool shared_storage_enabled_for_request,
|
||||
bool shared_storage_enabled_for_all) {
|
||||
std::vector<network::OriginWithPossibleWildcards> allowed_origins =
|
||||
shared_storage_enabled_for_request
|
||||
? std::vector<network::OriginWithPossibleWildcards>(
|
||||
{*network::OriginWithPossibleWildcards::FromOrigin(
|
||||
request_origin)})
|
||||
: std::vector<network::OriginWithPossibleWildcards>();
|
||||
return blink::ParsedPermissionsPolicy(
|
||||
{blink::ParsedPermissionsPolicyDeclaration(
|
||||
return network::ParsedPermissionsPolicy(
|
||||
{network::ParsedPermissionsPolicyDeclaration(
|
||||
network::mojom::PermissionsPolicyFeature::kSharedStorage,
|
||||
std::move(allowed_origins),
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
|
@ -142,7 +142,9 @@
|
||||
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
|
||||
#include "services/network/public/cpp/features.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/web_sandbox_flags.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "services/network/public/mojom/web_sandbox_flags.mojom-shared.h"
|
||||
#include "services/viz/privileged/mojom/compositing/features.mojom-features.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
@ -151,7 +153,6 @@
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "third_party/blink/public/common/input/web_input_event.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/policy_value.h"
|
||||
#include "third_party/blink/public/common/switches.h"
|
||||
#include "third_party/blink/public/common/tokens/tokens.h"
|
||||
@ -372,13 +373,13 @@ bool ConvertJSONToPoint(const std::string& str, gfx::PointF* point) {
|
||||
// list of origins. (Equivalent to the declared policy "feature origin1 origin2
|
||||
// ...".) If the origins list is empty, it's treated as matches all origins
|
||||
// (Equivalent to the declared policy "feature *")
|
||||
blink::ParsedPermissionsPolicyDeclaration
|
||||
network::ParsedPermissionsPolicyDeclaration
|
||||
CreateParsedPermissionsPolicyDeclaration(
|
||||
network::mojom::PermissionsPolicyFeature feature,
|
||||
const std::vector<GURL>& origins,
|
||||
bool match_all_origins = false,
|
||||
const std::optional<GURL> self_if_matches = std::nullopt) {
|
||||
blink::ParsedPermissionsPolicyDeclaration declaration;
|
||||
network::ParsedPermissionsPolicyDeclaration declaration;
|
||||
|
||||
declaration.feature = feature;
|
||||
if (self_if_matches.has_value()) {
|
||||
@ -398,12 +399,12 @@ CreateParsedPermissionsPolicyDeclaration(
|
||||
return declaration;
|
||||
}
|
||||
|
||||
blink::ParsedPermissionsPolicy CreateParsedPermissionsPolicy(
|
||||
network::ParsedPermissionsPolicy CreateParsedPermissionsPolicy(
|
||||
const std::vector<network::mojom::PermissionsPolicyFeature>& features,
|
||||
const std::vector<GURL>& origins,
|
||||
bool match_all_origins = false,
|
||||
const std::optional<GURL> self_if_matches = std::nullopt) {
|
||||
blink::ParsedPermissionsPolicy result;
|
||||
network::ParsedPermissionsPolicy result;
|
||||
result.reserve(features.size());
|
||||
for (const auto& feature : features)
|
||||
result.push_back(CreateParsedPermissionsPolicyDeclaration(
|
||||
@ -411,18 +412,18 @@ blink::ParsedPermissionsPolicy CreateParsedPermissionsPolicy(
|
||||
return result;
|
||||
}
|
||||
|
||||
blink::ParsedPermissionsPolicy CreateParsedPermissionsPolicyMatchesSelf(
|
||||
network::ParsedPermissionsPolicy CreateParsedPermissionsPolicyMatchesSelf(
|
||||
const std::vector<network::mojom::PermissionsPolicyFeature>& features,
|
||||
const GURL& self_if_matches) {
|
||||
return CreateParsedPermissionsPolicy(features, {}, false, self_if_matches);
|
||||
}
|
||||
|
||||
blink::ParsedPermissionsPolicy CreateParsedPermissionsPolicyMatchesAll(
|
||||
network::ParsedPermissionsPolicy CreateParsedPermissionsPolicyMatchesAll(
|
||||
const std::vector<network::mojom::PermissionsPolicyFeature>& features) {
|
||||
return CreateParsedPermissionsPolicy(features, {}, true);
|
||||
}
|
||||
|
||||
blink::ParsedPermissionsPolicy CreateParsedPermissionsPolicyMatchesNone(
|
||||
network::ParsedPermissionsPolicy CreateParsedPermissionsPolicyMatchesNone(
|
||||
const std::vector<network::mojom::PermissionsPolicyFeature>& features) {
|
||||
return CreateParsedPermissionsPolicy(features, {});
|
||||
}
|
||||
@ -7644,7 +7645,7 @@ IN_PROC_BROWSER_TEST_P(SitePerProcessBrowserTest,
|
||||
|
||||
// Validate that the effective container policy contains a single non-unique
|
||||
// origin.
|
||||
const blink::ParsedPermissionsPolicy initial_effective_policy =
|
||||
const network::ParsedPermissionsPolicy initial_effective_policy =
|
||||
root->child_at(2)->effective_frame_policy().container_policy;
|
||||
EXPECT_EQ(1UL, initial_effective_policy[0].allowed_origins.size());
|
||||
|
||||
@ -7654,9 +7655,9 @@ IN_PROC_BROWSER_TEST_P(SitePerProcessBrowserTest,
|
||||
// origin yet) but the effective policy should remain unchanged.
|
||||
EXPECT_TRUE(ExecJs(
|
||||
root, "document.getElementById('child-2').setAttribute('sandbox','')"));
|
||||
const blink::ParsedPermissionsPolicy updated_effective_policy =
|
||||
const network::ParsedPermissionsPolicy updated_effective_policy =
|
||||
root->child_at(2)->effective_frame_policy().container_policy;
|
||||
const blink::ParsedPermissionsPolicy updated_pending_policy =
|
||||
const network::ParsedPermissionsPolicy updated_pending_policy =
|
||||
root->child_at(2)->pending_frame_policy().container_policy;
|
||||
EXPECT_EQ(1UL, updated_effective_policy[0].allowed_origins.size());
|
||||
EXPECT_TRUE(updated_pending_policy[0].matches_opaque_src);
|
||||
@ -7664,7 +7665,7 @@ IN_PROC_BROWSER_TEST_P(SitePerProcessBrowserTest,
|
||||
|
||||
// Navigate the frame; pending policy should now be committed.
|
||||
EXPECT_TRUE(NavigateToURLFromRenderer(root->child_at(2), nav_url));
|
||||
const blink::ParsedPermissionsPolicy final_effective_policy =
|
||||
const network::ParsedPermissionsPolicy final_effective_policy =
|
||||
root->child_at(2)->effective_frame_policy().container_policy;
|
||||
EXPECT_TRUE(final_effective_policy[0].matches_opaque_src);
|
||||
EXPECT_EQ(0UL, final_effective_policy[0].allowed_origins.size());
|
||||
|
@ -27,10 +27,11 @@
|
||||
#include "net/test/embedded_test_server/default_handlers.h"
|
||||
#include "net/test/embedded_test_server/embedded_test_server.h"
|
||||
#include "services/device/public/mojom/smart_card.mojom.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/features_generated.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/smart_card/smart_card.mojom.h"
|
||||
|
||||
using base::test::RunOnceCallback;
|
||||
@ -184,7 +185,7 @@ class SmartCardTestContentBrowserClient
|
||||
SmartCardDelegate* GetSmartCardDelegate() override;
|
||||
bool ShouldUrlUseApplicationIsolationLevel(BrowserContext* browser_context,
|
||||
const GURL& url) override;
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
GetPermissionsPolicyForIsolatedWebApp(WebContents* web_contents,
|
||||
const url::Origin& app_origin) override;
|
||||
|
||||
@ -311,16 +312,16 @@ bool SmartCardTestContentBrowserClient::ShouldUrlUseApplicationIsolationLevel(
|
||||
return true;
|
||||
}
|
||||
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
SmartCardTestContentBrowserClient::GetPermissionsPolicyForIsolatedWebApp(
|
||||
WebContents* web_contents,
|
||||
const url::Origin& app_origin) {
|
||||
blink::ParsedPermissionsPolicyDeclaration coi_decl(
|
||||
network::ParsedPermissionsPolicyDeclaration coi_decl(
|
||||
network::mojom::PermissionsPolicyFeature::kCrossOriginIsolated,
|
||||
/*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt, /*matches_all_origins=*/true,
|
||||
/*matches_opaque_src=*/false);
|
||||
blink::ParsedPermissionsPolicyDeclaration smart_card_decl(
|
||||
network::ParsedPermissionsPolicyDeclaration smart_card_decl(
|
||||
network::mojom::PermissionsPolicyFeature::kSmartCard,
|
||||
/*allowed_origins=*/{},
|
||||
/*self_if_matches=*/app_origin, /*matches_all_origins=*/false,
|
||||
@ -1638,11 +1639,11 @@ IN_PROC_BROWSER_TEST_F(SmartCardTest, ContextDiesConnectionStays) {
|
||||
class NoCoiPermissionSmartCardTestContentBrowserClient
|
||||
: public SmartCardTestContentBrowserClient {
|
||||
public:
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
GetPermissionsPolicyForIsolatedWebApp(
|
||||
WebContents* web_contents,
|
||||
const url::Origin& app_origin) override {
|
||||
return {{blink::ParsedPermissionsPolicyDeclaration(
|
||||
return {{network::ParsedPermissionsPolicyDeclaration(
|
||||
network::mojom::PermissionsPolicyFeature::kSmartCard,
|
||||
/*allowed_origins=*/{},
|
||||
/*self_if_matches=*/app_origin,
|
||||
|
@ -3735,7 +3735,7 @@ void WebContentsImpl::OnVibrate(RenderFrameHostImpl* rfh) {
|
||||
observers_.NotifyObservers(&WebContentsObserver::VibrationRequested);
|
||||
}
|
||||
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
WebContentsImpl::GetPermissionsPolicyForIsolatedWebApp(
|
||||
RenderFrameHostImpl* source) {
|
||||
WebExposedIsolationInfo weii =
|
||||
|
@ -71,6 +71,7 @@
|
||||
#include "partition_alloc/buildflags.h"
|
||||
#include "ppapi/buildflags/buildflags.h"
|
||||
#include "services/device/public/mojom/geolocation_context.mojom.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/fetch_api.mojom-forward.h"
|
||||
#include "third_party/blink/public/common/renderer_preferences/renderer_preferences.h"
|
||||
#include "third_party/blink/public/common/web_preferences/web_preferences.h"
|
||||
@ -825,7 +826,7 @@ class CONTENT_EXPORT WebContentsImpl
|
||||
bool blocked) override;
|
||||
void OnVibrate(RenderFrameHostImpl*) override;
|
||||
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
GetPermissionsPolicyForIsolatedWebApp(RenderFrameHostImpl* source) override;
|
||||
|
||||
// Called when WebAudio starts or stops playing audible audio in an
|
||||
|
@ -117,7 +117,9 @@
|
||||
#include "services/data_decoder/public/cpp/test_support/in_process_data_decoder.h"
|
||||
#include "services/metrics/public/cpp/ukm_builders.h"
|
||||
#include "services/metrics/public/cpp/ukm_source.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/network_context.mojom.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/mojom/webauthn/authenticator.mojom.h"
|
||||
@ -1127,7 +1129,7 @@ TEST_F(AuthenticatorImplTest,
|
||||
|
||||
TEST_F(AuthenticatorImplTest,
|
||||
GetClientCapabilities_HybridTransport_BluetoothDisabled) {
|
||||
blink::ParsedPermissionsPolicy permissions_policy(1);
|
||||
network::ParsedPermissionsPolicy permissions_policy(1);
|
||||
permissions_policy[0].feature =
|
||||
network::mojom::PermissionsPolicyFeature::kBluetooth;
|
||||
// Simulate navigating to a page with this Permissions Policy.
|
||||
|
@ -18,9 +18,10 @@
|
||||
#include "content/public/test/test_browser_context.h"
|
||||
#include "content/public/test/test_renderer_host.h"
|
||||
#include "content/public/test/test_web_contents_factory.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/webauthn/authenticator.mojom.h"
|
||||
#include "url/gurl.h"
|
||||
#include "url/origin.h"
|
||||
@ -29,8 +30,8 @@
|
||||
namespace content {
|
||||
namespace {
|
||||
|
||||
blink::ParsedPermissionsPolicy CreatePolicyToAllowWebAuthn() {
|
||||
return {blink::ParsedPermissionsPolicyDeclaration(
|
||||
network::ParsedPermissionsPolicy CreatePolicyToAllowWebAuthn() {
|
||||
return {network::ParsedPermissionsPolicyDeclaration(
|
||||
network::mojom::PermissionsPolicyFeature::kPublicKeyCredentialsGet,
|
||||
/*allowed_origins=*/{}, /*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -39,16 +40,16 @@ blink::ParsedPermissionsPolicy CreatePolicyToAllowWebAuthn() {
|
||||
|
||||
// The default policy allows same-origin with ancestors, but this creates one
|
||||
// with value 'none'.
|
||||
blink::ParsedPermissionsPolicy CreatePolicyToDenyWebAuthn() {
|
||||
return {blink::ParsedPermissionsPolicyDeclaration(
|
||||
network::ParsedPermissionsPolicy CreatePolicyToDenyWebAuthn() {
|
||||
return {network::ParsedPermissionsPolicyDeclaration(
|
||||
network::mojom::PermissionsPolicyFeature::kPublicKeyCredentialsGet,
|
||||
/*allowed_origins=*/{}, /*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/false,
|
||||
/*matches_opaque_src=*/false)};
|
||||
}
|
||||
|
||||
blink::ParsedPermissionsPolicy CreatePolicyToAllowWebPayments() {
|
||||
return {blink::ParsedPermissionsPolicyDeclaration(
|
||||
network::ParsedPermissionsPolicy CreatePolicyToAllowWebPayments() {
|
||||
return {network::ParsedPermissionsPolicyDeclaration(
|
||||
network::mojom::PermissionsPolicyFeature::kPayment,
|
||||
/*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
@ -57,7 +58,7 @@ blink::ParsedPermissionsPolicy CreatePolicyToAllowWebPayments() {
|
||||
|
||||
struct TestCase {
|
||||
TestCase(const std::string_view& url,
|
||||
const blink::ParsedPermissionsPolicy& policy,
|
||||
const network::ParsedPermissionsPolicy& policy,
|
||||
WebAuthRequestSecurityChecker::RequestType request_type,
|
||||
bool expected_is_cross_origin,
|
||||
blink::mojom::AuthenticatorStatus expected_status)
|
||||
@ -70,7 +71,7 @@ struct TestCase {
|
||||
~TestCase() = default;
|
||||
|
||||
const std::string_view url;
|
||||
const blink::ParsedPermissionsPolicy policy;
|
||||
const network::ParsedPermissionsPolicy policy;
|
||||
const WebAuthRequestSecurityChecker::RequestType request_type;
|
||||
const bool expected_is_cross_origin;
|
||||
const blink::mojom::AuthenticatorStatus expected_status;
|
||||
@ -151,34 +152,34 @@ INSTANTIATE_TEST_SUITE_P(
|
||||
WebAuthRequestSecurityCheckerTest,
|
||||
testing::Values(
|
||||
TestCase("https://same-origin.com",
|
||||
blink::ParsedPermissionsPolicy(),
|
||||
network::ParsedPermissionsPolicy(),
|
||||
WebAuthRequestSecurityChecker::RequestType::kGetAssertion,
|
||||
/*expected_is_cross_origin=*/false,
|
||||
blink::mojom::AuthenticatorStatus::SUCCESS),
|
||||
TestCase("https://cross-origin.com",
|
||||
blink::ParsedPermissionsPolicy(),
|
||||
network::ParsedPermissionsPolicy(),
|
||||
WebAuthRequestSecurityChecker::RequestType::kGetAssertion,
|
||||
/*expected_is_cross_origin=*/true,
|
||||
blink::mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR),
|
||||
TestCase("https://same-origin.com",
|
||||
blink::ParsedPermissionsPolicy(),
|
||||
network::ParsedPermissionsPolicy(),
|
||||
WebAuthRequestSecurityChecker::RequestType::kMakeCredential,
|
||||
/*expected_is_cross_origin=*/false,
|
||||
blink::mojom::AuthenticatorStatus::SUCCESS),
|
||||
TestCase("https://cross-origin.com",
|
||||
blink::ParsedPermissionsPolicy(),
|
||||
network::ParsedPermissionsPolicy(),
|
||||
WebAuthRequestSecurityChecker::RequestType::kMakeCredential,
|
||||
/*expected_is_cross_origin=*/true,
|
||||
blink::mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR),
|
||||
TestCase(
|
||||
"https://same-origin.com",
|
||||
blink::ParsedPermissionsPolicy(),
|
||||
network::ParsedPermissionsPolicy(),
|
||||
WebAuthRequestSecurityChecker::RequestType::kMakePaymentCredential,
|
||||
/*expected_is_cross_origin=*/false,
|
||||
blink::mojom::AuthenticatorStatus::SUCCESS),
|
||||
TestCase(
|
||||
"https://cross-origin.com",
|
||||
blink::ParsedPermissionsPolicy(),
|
||||
network::ParsedPermissionsPolicy(),
|
||||
WebAuthRequestSecurityChecker::RequestType::kMakePaymentCredential,
|
||||
/*expected_is_cross_origin=*/true,
|
||||
blink::mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR)));
|
||||
@ -258,7 +259,7 @@ INSTANTIATE_TEST_SUITE_P(
|
||||
blink::mojom::AuthenticatorStatus::SUCCESS)));
|
||||
|
||||
struct SingleFrameTestCase {
|
||||
SingleFrameTestCase(const blink::ParsedPermissionsPolicy& policy,
|
||||
SingleFrameTestCase(const network::ParsedPermissionsPolicy& policy,
|
||||
WebAuthRequestSecurityChecker::RequestType request_type,
|
||||
blink::mojom::AuthenticatorStatus expected_status)
|
||||
: policy(policy),
|
||||
@ -267,7 +268,7 @@ struct SingleFrameTestCase {
|
||||
|
||||
~SingleFrameTestCase() = default;
|
||||
|
||||
const blink::ParsedPermissionsPolicy policy;
|
||||
const network::ParsedPermissionsPolicy policy;
|
||||
const WebAuthRequestSecurityChecker::RequestType request_type;
|
||||
const blink::mojom::AuthenticatorStatus expected_status;
|
||||
};
|
||||
|
@ -650,6 +650,7 @@ mojom("mojo_bindings") {
|
||||
"//mojo/public/mojom/base",
|
||||
"//services/audio/public/mojom",
|
||||
"//services/network/public/mojom",
|
||||
"//services/network/public/mojom:mojom_permissions_policy",
|
||||
"//services/service_manager/public/mojom",
|
||||
"//services/tracing/public/mojom",
|
||||
"//services/video_capture/public/mojom",
|
||||
|
@ -25,7 +25,7 @@ import "third_party/blink/public/mojom/loader/transferrable_url_loader.mojom";
|
||||
import "third_party/blink/public/mojom/loader/url_loader_factory_bundle.mojom";
|
||||
import "third_party/blink/public/mojom/navigation/navigation_params.mojom";
|
||||
import "third_party/blink/public/mojom/permissions_policy/document_policy_feature.mojom";
|
||||
import "third_party/blink/public/mojom/permissions_policy/permissions_policy.mojom";
|
||||
import "services/network/public/mojom/permissions_policy/permissions_policy.mojom";
|
||||
import "third_party/blink/public/mojom/permissions_policy/policy_value.mojom";
|
||||
import "third_party/blink/public/mojom/security_context/insecure_request_policy.mojom";
|
||||
import "third_party/blink/public/mojom/service_worker/controller_service_worker.mojom";
|
||||
@ -128,7 +128,7 @@ struct DidCommitProvisionalLoadParams {
|
||||
// https://w3c.github.io/webappsec-permissions-policy/#permissions-policy-http-header-field
|
||||
// Note: For backward compatibility, this field also contains
|
||||
// 'Feature-Policy' headers applied to the document.
|
||||
array<blink.mojom.ParsedPermissionsPolicyDeclaration>
|
||||
array<network.mojom.ParsedPermissionsPolicyDeclaration>
|
||||
permissions_policy_header;
|
||||
|
||||
// The 'Document-Policy' headers applied to the document.
|
||||
@ -339,7 +339,7 @@ interface NavigationClient {
|
||||
blink.mojom.DocumentToken document_token,
|
||||
mojo_base.mojom.UnguessableToken devtools_navigation_token,
|
||||
mojo_base.mojom.Uuid base_auction_nonce,
|
||||
array<blink.mojom.ParsedPermissionsPolicyDeclaration>? permissions_policy,
|
||||
array<network.mojom.ParsedPermissionsPolicyDeclaration>? permissions_policy,
|
||||
blink.mojom.PolicyContainer policy_container,
|
||||
pending_remote<blink.mojom.CodeCacheHost>? code_cache_host,
|
||||
pending_remote<blink.mojom.CodeCacheHost>? code_cache_host_for_background,
|
||||
|
@ -302,11 +302,11 @@ size_t ContentBrowserClient::GetProcessCountToIgnoreForLimit() {
|
||||
return 0;
|
||||
}
|
||||
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
ContentBrowserClient::GetPermissionsPolicyForIsolatedWebApp(
|
||||
WebContents* web_contents,
|
||||
const url::Origin& app_origin) {
|
||||
return blink::ParsedPermissionsPolicy();
|
||||
return network::ParsedPermissionsPolicy();
|
||||
}
|
||||
|
||||
bool ContentBrowserClient::ShouldTryToUseExistingProcessHost(
|
||||
|
@ -68,6 +68,7 @@
|
||||
#include "services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom-forward.h"
|
||||
#include "services/metrics/public/cpp/ukm_source_id.h"
|
||||
#include "services/network/public/cpp/cross_origin_embedder_policy.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/ip_address_space.mojom-forward.h"
|
||||
#include "services/network/public/mojom/network_context.mojom-forward.h"
|
||||
#include "services/network/public/mojom/proxy_config.mojom-forward.h"
|
||||
@ -655,7 +656,7 @@ class CONTENT_EXPORT ContentBrowserClient {
|
||||
// Web App Manifest. The embedder might choose to return an std::nullopt in
|
||||
// specific cases -- then the default non-isolated permissions policy will be
|
||||
// applied.
|
||||
virtual std::optional<blink::ParsedPermissionsPolicy>
|
||||
virtual std::optional<network::ParsedPermissionsPolicy>
|
||||
GetPermissionsPolicyForIsolatedWebApp(WebContents* web_contents,
|
||||
const url::Origin& app_origin);
|
||||
|
||||
|
@ -29,10 +29,10 @@
|
||||
#include "net/cookies/cookie_setting_override.h"
|
||||
#include "services/metrics/public/cpp/ukm_source_id.h"
|
||||
#include "services/network/public/cpp/cross_origin_embedder_policy.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-forward.h"
|
||||
#include "services/network/public/mojom/web_sandbox_flags.mojom-forward.h"
|
||||
#include "third_party/blink/public/common/frame/frame_owner_element_type.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/tokens/tokens.h"
|
||||
#include "third_party/blink/public/mojom/devtools/console_message.mojom-forward.h"
|
||||
#include "third_party/blink/public/mojom/devtools/inspector_issue.mojom-forward.h"
|
||||
@ -875,7 +875,7 @@ class CONTENT_EXPORT RenderFrameHost : public IPC::Listener,
|
||||
virtual const blink::PermissionsPolicy* GetPermissionsPolicy() = 0;
|
||||
|
||||
// Returns the parsed permissions policy header for this frame.
|
||||
virtual const blink::ParsedPermissionsPolicy&
|
||||
virtual const network::ParsedPermissionsPolicy&
|
||||
GetPermissionsPolicyHeader() = 0;
|
||||
|
||||
// Returns true if the queried PermissionsPolicyFeature is allowed by
|
||||
|
@ -6,8 +6,8 @@
|
||||
#define CONTENT_PUBLIC_TEST_FAKE_REMOTE_FRAME_H_
|
||||
|
||||
#include "mojo/public/cpp/bindings/associated_receiver.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/associated_interfaces/associated_interface_provider.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/frame/frame_owner_properties.mojom.h"
|
||||
#include "third_party/blink/public/mojom/frame/fullscreen.mojom.h"
|
||||
#include "third_party/blink/public/mojom/frame/intrinsic_sizing_info.mojom.h"
|
||||
@ -77,7 +77,7 @@ class FakeRemoteFrame : public blink::mojom::RemoteFrame {
|
||||
blink::mojom::IntrinsicSizingInfoPtr sizing_info) override;
|
||||
void DidSetFramePolicyHeaders(
|
||||
network::mojom::WebSandboxFlags sandbox_flags,
|
||||
const std::vector<blink::ParsedPermissionsPolicyDeclaration>&
|
||||
const std::vector<network::ParsedPermissionsPolicyDeclaration>&
|
||||
parsed_permissions_policy) override {}
|
||||
void DidUpdateFramePolicy(const blink::FramePolicy& frame_policy) override {}
|
||||
void UpdateOpener(
|
||||
|
@ -13,6 +13,7 @@
|
||||
#include "content/public/browser/reload_type.h"
|
||||
#include "mojo/public/cpp/bindings/pending_receiver.h"
|
||||
#include "net/dns/public/resolve_error_info.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/service_manager/public/cpp/interface_provider.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "third_party/blink/public/mojom/loader/referrer.mojom-forward.h"
|
||||
@ -283,7 +284,7 @@ class NavigationSimulator {
|
||||
|
||||
// Simulate receiving Permissions-Policy headers.
|
||||
virtual void SetPermissionsPolicyHeader(
|
||||
blink::ParsedPermissionsPolicy permissions_policy_header) = 0;
|
||||
network::ParsedPermissionsPolicy permissions_policy_header) = 0;
|
||||
|
||||
// Provides the contents mime type to be set at commit. It should be
|
||||
// specified before calling |ReadyToCommit| or |Commit|.
|
||||
|
@ -39,14 +39,14 @@ class AuraTestHelper;
|
||||
}
|
||||
} // namespace aura
|
||||
|
||||
namespace blink {
|
||||
namespace network {
|
||||
struct ParsedPermissionsPolicyDeclaration;
|
||||
using ParsedPermissionsPolicy = std::vector<ParsedPermissionsPolicyDeclaration>;
|
||||
} // namespace network
|
||||
|
||||
namespace web_pref {
|
||||
namespace blink::web_pref {
|
||||
struct WebPreferences;
|
||||
}
|
||||
} // namespace blink
|
||||
} // namespace blink::web_pref
|
||||
|
||||
namespace display {
|
||||
#if BUILDFLAG(IS_ANDROID)
|
||||
@ -121,7 +121,7 @@ class RenderFrameHostTester {
|
||||
// used as the container policy.
|
||||
virtual RenderFrameHost* AppendChildWithPolicy(
|
||||
const std::string& frame_name,
|
||||
const blink::ParsedPermissionsPolicy& allow) = 0;
|
||||
const network::ParsedPermissionsPolicy& allow) = 0;
|
||||
|
||||
// Same as AppendChild above, but simulates the `credentialless` attribute
|
||||
// being added.
|
||||
|
@ -67,7 +67,7 @@ void NavigationClient::CommitNavigation(
|
||||
const blink::DocumentToken& document_token,
|
||||
const base::UnguessableToken& devtools_navigation_token,
|
||||
const base::Uuid& base_auction_nonce,
|
||||
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
|
||||
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
|
||||
blink::mojom::PolicyContainerPtr policy_container,
|
||||
mojo::PendingRemote<blink::mojom::CodeCacheHost> code_cache_host,
|
||||
mojo::PendingRemote<blink::mojom::CodeCacheHost>
|
||||
|
@ -12,6 +12,7 @@
|
||||
#include "content/public/common/alternative_error_page_override_info.mojom.h"
|
||||
#include "mojo/public/cpp/bindings/associated_receiver.h"
|
||||
#include "mojo/public/cpp/bindings/pending_associated_receiver.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
|
||||
namespace content {
|
||||
@ -51,7 +52,7 @@ class NavigationClient : mojom::NavigationClient {
|
||||
const blink::DocumentToken& document_token,
|
||||
const base::UnguessableToken& devtools_navigation_token,
|
||||
const base::Uuid& base_auction_nonce,
|
||||
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
|
||||
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
|
||||
blink::mojom::PolicyContainerPtr policy_container,
|
||||
mojo::PendingRemote<blink::mojom::CodeCacheHost> code_cache_host,
|
||||
mojo::PendingRemote<blink::mojom::CodeCacheHost>
|
||||
|
@ -2714,7 +2714,7 @@ void RenderFrameImpl::CommitNavigation(
|
||||
const blink::DocumentToken& document_token,
|
||||
const base::UnguessableToken& devtools_navigation_token,
|
||||
const base::Uuid& base_auction_nonce,
|
||||
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
|
||||
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
|
||||
blink::mojom::PolicyContainerPtr policy_container,
|
||||
mojo::PendingRemote<blink::mojom::CodeCacheHost> code_cache_host,
|
||||
mojo::PendingRemote<blink::mojom::CodeCacheHost>
|
||||
@ -3977,7 +3977,7 @@ void RenderFrameImpl::DidCreateDocumentLoader(
|
||||
void RenderFrameImpl::DidCommitNavigation(
|
||||
blink::WebHistoryCommitType commit_type,
|
||||
bool should_reset_browser_interface_broker,
|
||||
const blink::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const network::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const blink::DocumentPolicyFeatureState& document_policy_header) {
|
||||
TRACE_EVENT_WITH_FLOW0("navigation", "RenderFrameImpl::DidCommitNavigation",
|
||||
TRACE_ID_LOCAL(this),
|
||||
@ -4314,7 +4314,7 @@ void RenderFrameImpl::DidFinishSameDocumentNavigation(
|
||||
|
||||
DidCommitNavigationInternal(
|
||||
commit_type, transition,
|
||||
blink::ParsedPermissionsPolicy(), // permissions_policy_header
|
||||
network::ParsedPermissionsPolicy(), // permissions_policy_header
|
||||
blink::DocumentPolicyFeatureState(), // document_policy_header
|
||||
nullptr, // interface_params
|
||||
std::move(same_document_params),
|
||||
@ -4961,7 +4961,7 @@ mojom::DidCommitProvisionalLoadParamsPtr
|
||||
RenderFrameImpl::MakeDidCommitProvisionalLoadParams(
|
||||
blink::WebHistoryCommitType commit_type,
|
||||
ui::PageTransition transition,
|
||||
const blink::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const network::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const blink::DocumentPolicyFeatureState& document_policy_header,
|
||||
const std::optional<base::UnguessableToken>& embedding_token) {
|
||||
WebDocumentLoader* document_loader = frame_->GetDocumentLoader();
|
||||
@ -5251,7 +5251,7 @@ void RenderFrameImpl::UpdateStateForCommit(
|
||||
void RenderFrameImpl::DidCommitNavigationInternal(
|
||||
blink::WebHistoryCommitType commit_type,
|
||||
ui::PageTransition transition,
|
||||
const blink::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const network::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const blink::DocumentPolicyFeatureState& document_policy_header,
|
||||
mojom::DidCommitProvisionalLoadInterfaceParamsPtr interface_params,
|
||||
mojom::DidCommitSameDocumentNavigationParamsPtr same_document_params,
|
||||
|
@ -68,6 +68,7 @@
|
||||
#include "mojo/public/cpp/bindings/remote.h"
|
||||
#include "mojo/public/cpp/system/data_pipe.h"
|
||||
#include "ppapi/buildflags/buildflags.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/url_loader_factory.mojom.h"
|
||||
#include "services/network/public/mojom/url_response_head.mojom-forward.h"
|
||||
#include "services/service_manager/public/cpp/binder_registry.h"
|
||||
@ -491,7 +492,7 @@ class CONTENT_EXPORT RenderFrameImpl
|
||||
const blink::DocumentToken& document_token,
|
||||
const base::UnguessableToken& devtools_navigation_token,
|
||||
const base::Uuid& base_auction_nonce,
|
||||
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
|
||||
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
|
||||
blink::mojom::PolicyContainerPtr policy_container,
|
||||
mojo::PendingRemote<blink::mojom::CodeCacheHost> code_cache_host,
|
||||
mojo::PendingRemote<blink::mojom::CodeCacheHost>
|
||||
@ -583,7 +584,7 @@ class CONTENT_EXPORT RenderFrameImpl
|
||||
void DidCommitNavigation(
|
||||
blink::WebHistoryCommitType commit_type,
|
||||
bool should_reset_browser_interface_broker,
|
||||
const blink::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const network::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const blink::DocumentPolicyFeatureState& document_policy_header) override;
|
||||
void DidCommitDocumentReplacementNavigation(
|
||||
blink::WebDocumentLoader* document_loader) override;
|
||||
@ -1117,7 +1118,7 @@ class CONTENT_EXPORT RenderFrameImpl
|
||||
mojom::DidCommitProvisionalLoadParamsPtr MakeDidCommitProvisionalLoadParams(
|
||||
blink::WebHistoryCommitType commit_type,
|
||||
ui::PageTransition transition,
|
||||
const blink::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const network::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const blink::DocumentPolicyFeatureState& document_policy_header,
|
||||
const std::optional<base::UnguessableToken>& embedding_token);
|
||||
|
||||
@ -1141,7 +1142,7 @@ class CONTENT_EXPORT RenderFrameImpl
|
||||
void DidCommitNavigationInternal(
|
||||
blink::WebHistoryCommitType commit_type,
|
||||
ui::PageTransition transition,
|
||||
const blink::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const network::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const blink::DocumentPolicyFeatureState& document_policy_header,
|
||||
mojom::DidCommitProvisionalLoadInterfaceParamsPtr interface_params,
|
||||
mojom::DidCommitSameDocumentNavigationParamsPtr same_document_params,
|
||||
|
@ -88,11 +88,11 @@
|
||||
#include "services/device/public/cpp/geolocation/location_system_permission_status.h"
|
||||
#include "services/network/public/cpp/features.h"
|
||||
#include "services/network/public/cpp/network_service_buildflags.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/network_context.mojom.h"
|
||||
#include "services/network/public/mojom/network_service.mojom.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/switches.h"
|
||||
#include "third_party/blink/public/common/user_agent/user_agent_metadata.h"
|
||||
#include "third_party/blink/public/common/web_preferences/web_preferences.h"
|
||||
@ -1001,17 +1001,17 @@ void ShellContentBrowserClient::SetUpFieldTrials() {
|
||||
/*enable_limited_entropy_mode=*/false));
|
||||
}
|
||||
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
ShellContentBrowserClient::GetPermissionsPolicyForIsolatedWebApp(
|
||||
WebContents* web_contents,
|
||||
const url::Origin& app_origin) {
|
||||
blink::ParsedPermissionsPolicyDeclaration coi_decl(
|
||||
network::ParsedPermissionsPolicyDeclaration coi_decl(
|
||||
network::mojom::PermissionsPolicyFeature::kCrossOriginIsolated,
|
||||
/*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true, /*matches_opaque_src=*/false);
|
||||
|
||||
blink::ParsedPermissionsPolicyDeclaration socket_decl(
|
||||
network::ParsedPermissionsPolicyDeclaration socket_decl(
|
||||
network::mojom::PermissionsPolicyFeature::kDirectSockets,
|
||||
/*allowed_origins=*/{}, app_origin,
|
||||
/*matches_all_origins=*/false, /*matches_opaque_src=*/false);
|
||||
|
@ -14,6 +14,7 @@
|
||||
#include "build/build_config.h"
|
||||
#include "content/public/browser/content_browser_client.h"
|
||||
#include "content/shell/browser/shell_speech_recognition_manager_delegate.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/network_context.mojom-forward.h"
|
||||
|
||||
class PrefService;
|
||||
@ -178,7 +179,7 @@ class ShellContentBrowserClient : public ContentBrowserClient {
|
||||
|
||||
// Turns on features via permissions policy for Isolated App
|
||||
// Web Platform Tests.
|
||||
std::optional<blink::ParsedPermissionsPolicy>
|
||||
std::optional<network::ParsedPermissionsPolicy>
|
||||
GetPermissionsPolicyForIsolatedWebApp(WebContents* web_contents,
|
||||
const url::Origin& app_origin) override;
|
||||
|
||||
|
@ -1052,7 +1052,7 @@ void NavigationSimulatorImpl::SetIsSignedExchangeInnerResponse(
|
||||
}
|
||||
|
||||
void NavigationSimulatorImpl::SetPermissionsPolicyHeader(
|
||||
blink::ParsedPermissionsPolicy permissions_policy_header) {
|
||||
network::ParsedPermissionsPolicy permissions_policy_header) {
|
||||
CHECK_LE(state_, STARTED) << "The Permissions-Policy headers cannot be set "
|
||||
"after the navigation has committed or failed";
|
||||
permissions_policy_header_ = std::move(permissions_policy_header);
|
||||
|
@ -25,6 +25,7 @@
|
||||
#include "net/base/load_flags.h"
|
||||
#include "net/dns/public/resolve_error_info.h"
|
||||
#include "net/http/http_connection_info.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/navigation/impression.h"
|
||||
#include "third_party/blink/public/mojom/loader/mixed_content.mojom.h"
|
||||
#include "third_party/blink/public/mojom/loader/referrer.mojom-forward.h"
|
||||
@ -97,7 +98,7 @@ class NavigationSimulatorImpl : public NavigationSimulator,
|
||||
void SetIsSignedExchangeInnerResponse(
|
||||
bool is_signed_exchange_inner_response) override;
|
||||
void SetPermissionsPolicyHeader(
|
||||
blink::ParsedPermissionsPolicy permissions_policy_header) override;
|
||||
network::ParsedPermissionsPolicy permissions_policy_header) override;
|
||||
void SetContentsMimeType(const std::string& contents_mime_type) override;
|
||||
void SetRedirectHeaders(
|
||||
scoped_refptr<net::HttpResponseHeaders> redirect_headers) override;
|
||||
@ -383,7 +384,7 @@ class NavigationSimulatorImpl : public NavigationSimulator,
|
||||
std::string contents_mime_type_;
|
||||
scoped_refptr<net::HttpResponseHeaders> redirect_headers_;
|
||||
scoped_refptr<net::HttpResponseHeaders> response_headers_;
|
||||
blink::ParsedPermissionsPolicy permissions_policy_header_;
|
||||
network::ParsedPermissionsPolicy permissions_policy_header_;
|
||||
mojo::ScopedDataPipeConsumerHandle response_body_;
|
||||
network::mojom::CSPDisposition should_check_main_world_csp_ =
|
||||
network::mojom::CSPDisposition::CHECK;
|
||||
|
@ -26,6 +26,7 @@
|
||||
#include "mojo/public/cpp/bindings/remote.h"
|
||||
#include "net/base/data_url.h"
|
||||
#include "services/network/public/cpp/not_implemented_url_loader_factory.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/url_response_head.mojom.h"
|
||||
#include "third_party/blink/public/common/associated_interfaces/associated_interface_provider.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
@ -273,7 +274,7 @@ void TestRenderFrame::Navigate(
|
||||
/*document_token=*/blink::DocumentToken(),
|
||||
/*devtools_navigation_token=*/base::UnguessableToken::Create(),
|
||||
/*base_auction_nonce=*/base::Uuid::GenerateRandomV4(),
|
||||
blink::ParsedPermissionsPolicy(),
|
||||
network::ParsedPermissionsPolicy(),
|
||||
blink::mojom::PolicyContainer::New(
|
||||
blink::mojom::PolicyContainerPolicies::New(),
|
||||
mock_policy_container_host.BindNewEndpointAndPassDedicatedRemote()),
|
||||
|
@ -191,7 +191,7 @@ TestRenderFrameHost* TestRenderFrameHost::AppendChild(
|
||||
|
||||
TestRenderFrameHost* TestRenderFrameHost::AppendChildWithPolicy(
|
||||
const std::string& frame_name,
|
||||
const blink::ParsedPermissionsPolicy& allow) {
|
||||
const network::ParsedPermissionsPolicy& allow) {
|
||||
std::string frame_unique_name =
|
||||
base::Uuid::GenerateRandomV4().AsLowercaseString();
|
||||
OnCreateChildFrame(
|
||||
@ -629,7 +629,7 @@ void TestRenderFrameHost::SendCommitNavigation(
|
||||
keep_alive_loader_factory,
|
||||
mojo::PendingAssociatedRemote<blink::mojom::FetchLaterLoaderFactory>
|
||||
fetch_later_loader_factory,
|
||||
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
|
||||
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
|
||||
blink::mojom::PolicyContainerPtr policy_container,
|
||||
const blink::DocumentToken& document_token,
|
||||
const base::UnguessableToken& devtools_navigation_token) {
|
||||
|
@ -24,6 +24,7 @@
|
||||
#include "content/test/test_render_widget_host.h"
|
||||
#include "mojo/public/cpp/bindings/pending_receiver.h"
|
||||
#include "mojo/public/cpp/bindings/pending_remote.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/common/tokens/tokens.h"
|
||||
#include "third_party/blink/public/mojom/loader/transferrable_url_loader.mojom.h"
|
||||
#include "third_party/blink/public/mojom/navigation/navigation_params.mojom-forward.h"
|
||||
@ -96,7 +97,7 @@ class TestRenderFrameHost : public RenderFrameHostImpl,
|
||||
TestRenderFrameHost* AppendChild(const std::string& frame_name) override;
|
||||
TestRenderFrameHost* AppendChildWithPolicy(
|
||||
const std::string& frame_name,
|
||||
const blink::ParsedPermissionsPolicy& allow) override;
|
||||
const network::ParsedPermissionsPolicy& allow) override;
|
||||
TestRenderFrameHost* AppendCredentiallessChild(
|
||||
const std::string& frame_name) override;
|
||||
void Detach() override;
|
||||
@ -272,7 +273,7 @@ class TestRenderFrameHost : public RenderFrameHostImpl,
|
||||
keep_alive_loader_factory,
|
||||
mojo::PendingAssociatedRemote<blink::mojom::FetchLaterLoaderFactory>
|
||||
fetch_later_loader_factory,
|
||||
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
|
||||
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
|
||||
blink::mojom::PolicyContainerPtr policy_container,
|
||||
const blink::DocumentToken& document_token,
|
||||
const base::UnguessableToken& devtools_navigation_token) override;
|
||||
|
@ -16,6 +16,7 @@ include_rules = [
|
||||
"+services/device/public/cpp/generic_sensor",
|
||||
"+services/device/public/mojom",
|
||||
"+services/network/public/mojom/cors.mojom.h",
|
||||
"+services/network/public/cpp/permissions_policy",
|
||||
"+services/service_manager/public/cpp",
|
||||
"+skia",
|
||||
"+third_party/khronos/GLES2/gl2.h",
|
||||
|
@ -764,7 +764,7 @@ void WebFrameTestProxy::DidClearWindowObject() {
|
||||
void WebFrameTestProxy::DidCommitNavigation(
|
||||
blink::WebHistoryCommitType commit_type,
|
||||
bool should_reset_browser_interface_broker,
|
||||
const blink::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const network::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const blink::DocumentPolicyFeatureState& document_policy_header) {
|
||||
if (should_block_parsing_in_next_commit_) {
|
||||
should_block_parsing_in_next_commit_ = false;
|
||||
|
@ -17,6 +17,7 @@
|
||||
#include "content/web_test/renderer/text_input_controller.h"
|
||||
#include "mojo/public/cpp/bindings/associated_receiver.h"
|
||||
#include "mojo/public/cpp/bindings/pending_associated_receiver.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/platform/web_effective_connection_type.h"
|
||||
#include "third_party/blink/public/platform/web_string.h"
|
||||
#include "third_party/blink/public/test/frame_widget_test_helper.h"
|
||||
@ -89,7 +90,7 @@ class WebFrameTestProxy : public RenderFrameImpl,
|
||||
void DidCommitNavigation(
|
||||
blink::WebHistoryCommitType commit_type,
|
||||
bool should_reset_browser_interface_broker,
|
||||
const blink::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const network::ParsedPermissionsPolicy& permissions_policy_header,
|
||||
const blink::DocumentPolicyFeatureState& document_policy_header) override;
|
||||
void HandleAXObjectDetachedForTest(unsigned axid) override;
|
||||
void HandleWebAccessibilityEventForTest(
|
||||
|
@ -75,11 +75,12 @@ class LineWrapperTest(unittest.TestCase):
|
||||
|
||||
def testWrapWithIndent(self):
|
||||
lw = mojofmt.LineWrapper(base_indent=2)
|
||||
data = ('array<blink.mojom.ParsedPermissionsPolicyDeclaration> ' +
|
||||
data = ('array<network.mojom.ParsedPermissionsPolicyDeclaration> ' +
|
||||
'permissions_policy_header;')
|
||||
lw.write(data)
|
||||
expected = (' array<blink.mojom.ParsedPermissionsPolicyDeclaration>' +
|
||||
'\n permissions_policy_header;')
|
||||
expected = (
|
||||
' array<network.mojom.ParsedPermissionsPolicyDeclaration>' +
|
||||
'\n permissions_policy_header;')
|
||||
self.assertEqual(expected, lw.finish())
|
||||
|
||||
def testAlreadyIndented(self):
|
||||
|
@ -110,7 +110,10 @@ component("cpp") {
|
||||
"parsed_headers.h",
|
||||
"permissions_policy/origin_with_possible_wildcards.cc",
|
||||
"permissions_policy/origin_with_possible_wildcards.h",
|
||||
"permissions_policy/permissions_policy_declaration.cc",
|
||||
"permissions_policy/permissions_policy_declaration.h",
|
||||
"permissions_policy/permissions_policy_mojom_traits.cc",
|
||||
"permissions_policy/permissions_policy_mojom_traits.h",
|
||||
"private_network_access_check_result.cc",
|
||||
"private_network_access_check_result.h",
|
||||
"record_ontransfersizeupdate_utils.h",
|
||||
@ -165,7 +168,7 @@ component("cpp") {
|
||||
":cpp_base",
|
||||
"//net",
|
||||
"//services/network/public/mojom",
|
||||
"//services/network/public/mojom:mojom_permissions_policy",
|
||||
"//services/network/public/mojom:mojom_permissions_policy_shared",
|
||||
"//services/network/public/mojom:url_loader_base",
|
||||
"//url",
|
||||
"//url/ipc:url_ipc",
|
||||
@ -601,6 +604,7 @@ source_set("tests") {
|
||||
"parsed_headers_unittest.cc",
|
||||
"parsed_request_cookie_mojom_traits_unittest.cc",
|
||||
"permissions_policy/origin_with_possible_wildcards_unittest.cc",
|
||||
"permissions_policy/permissions_policy_declaration_unittest.cc",
|
||||
"proxy_config_mojom_traits_unittest.cc",
|
||||
"request_destination_unittest.cc",
|
||||
"schemeful_site_mojom_traits_unittest.cc",
|
||||
@ -642,6 +646,7 @@ source_set("tests") {
|
||||
"//services/network:network_service",
|
||||
"//services/network:test_support",
|
||||
"//services/network/public/cpp/cert_verifier:cert_verifier_tests",
|
||||
"//services/network/public/mojom:mojom_permissions_policy",
|
||||
"//testing/gtest",
|
||||
]
|
||||
|
||||
|
@ -7,7 +7,7 @@
|
||||
|
||||
#include "base/component_export.h"
|
||||
#include "services/network/public/mojom/content_security_policy.mojom.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy.mojom-forward.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy.mojom-shared.h"
|
||||
#include "url/origin.h"
|
||||
|
||||
namespace network {
|
||||
|
@ -2,7 +2,7 @@
|
||||
// Use of this source code is governed by a BSD-style license that can be
|
||||
// found in the LICENSE file.
|
||||
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
|
||||
#include <tuple>
|
||||
#include <vector>
|
||||
@ -11,7 +11,7 @@
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "url/origin.h"
|
||||
|
||||
namespace blink {
|
||||
namespace network {
|
||||
|
||||
ParsedPermissionsPolicyDeclaration::ParsedPermissionsPolicyDeclaration() =
|
||||
default;
|
||||
@ -66,4 +66,4 @@ bool operator==(const ParsedPermissionsPolicyDeclaration& lhs,
|
||||
rhs.allowed_origins);
|
||||
}
|
||||
|
||||
} // namespace blink
|
||||
} // namespace network
|
@ -2,23 +2,23 @@
|
||||
// Use of this source code is governed by a BSD-style license that can be
|
||||
// found in the LICENSE file.
|
||||
|
||||
#ifndef THIRD_PARTY_BLINK_PUBLIC_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_DECLARATION_H_
|
||||
#define THIRD_PARTY_BLINK_PUBLIC_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_DECLARATION_H_
|
||||
#ifndef SERVICES_NETWORK_PUBLIC_CPP_PERMISSIONS_POLICY_PERMISSIONS_POLICY_DECLARATION_H_
|
||||
#define SERVICES_NETWORK_PUBLIC_CPP_PERMISSIONS_POLICY_PERMISSIONS_POLICY_DECLARATION_H_
|
||||
|
||||
#include <vector>
|
||||
|
||||
#include "base/component_export.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-forward.h"
|
||||
#include "third_party/blink/public/common/common_export.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "url/origin.h"
|
||||
|
||||
namespace blink {
|
||||
namespace network {
|
||||
|
||||
// This struct holds permissions policy allowlist data that needs to be
|
||||
// replicated between a RenderFrame and any of its associated
|
||||
// RenderFrameProxies. A list of these form a ParsedPermissionsPolicy. NOTE:
|
||||
// These types are used for replication frame state between processes.
|
||||
struct BLINK_COMMON_EXPORT ParsedPermissionsPolicyDeclaration {
|
||||
struct COMPONENT_EXPORT(NETWORK_CPP) ParsedPermissionsPolicyDeclaration {
|
||||
ParsedPermissionsPolicyDeclaration();
|
||||
explicit ParsedPermissionsPolicyDeclaration(
|
||||
network::mojom::PermissionsPolicyFeature feature);
|
||||
@ -61,10 +61,11 @@ struct BLINK_COMMON_EXPORT ParsedPermissionsPolicyDeclaration {
|
||||
|
||||
using ParsedPermissionsPolicy = std::vector<ParsedPermissionsPolicyDeclaration>;
|
||||
|
||||
bool BLINK_COMMON_EXPORT
|
||||
operator==(const ParsedPermissionsPolicyDeclaration& lhs,
|
||||
const ParsedPermissionsPolicyDeclaration& rhs);
|
||||
bool COMPONENT_EXPORT(
|
||||
NETWORK_CPP) operator==(const ParsedPermissionsPolicyDeclaration & lhs,
|
||||
const ParsedPermissionsPolicyDeclaration &
|
||||
rhs);
|
||||
|
||||
} // namespace blink
|
||||
} // namespace network
|
||||
|
||||
#endif // THIRD_PARTY_BLINK_PUBLIC_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_DECLARATION_H_
|
||||
#endif // SERVICES_NETWORK_PUBLIC_CPP_PERMISSIONS_POLICY_PERMISSIONS_POLICY_DECLARATION_H_
|
@ -2,14 +2,14 @@
|
||||
// Use of this source code is governed by a BSD-style license that can be
|
||||
// found in the LICENSE file.
|
||||
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
#include "url/gurl.h"
|
||||
#include "url/origin.h"
|
||||
|
||||
namespace blink {
|
||||
namespace network {
|
||||
|
||||
TEST(ParsedPermissionsPolicyDeclarationTest, Contains) {
|
||||
const url::Origin kTestOrigin =
|
||||
@ -63,4 +63,4 @@ TEST(ParsedPermissionsPolicyDeclarationTest, Contains) {
|
||||
EXPECT_TRUE(opaque_self_decl.Contains(kOpaqueOrigin));
|
||||
}
|
||||
|
||||
} // namespace blink
|
||||
} // namespace network
|
@ -4,6 +4,10 @@
|
||||
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h"
|
||||
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "url/mojom/origin_mojom_traits.h"
|
||||
|
||||
namespace mojo {
|
||||
|
||||
bool StructTraits<network::mojom::OriginWithPossibleWildcardsDataView,
|
||||
@ -21,4 +25,15 @@ bool StructTraits<network::mojom::OriginWithPossibleWildcardsDataView,
|
||||
return out->csp_source.scheme.length() != 0;
|
||||
}
|
||||
|
||||
bool StructTraits<network::mojom::ParsedPermissionsPolicyDeclarationDataView,
|
||||
network::ParsedPermissionsPolicyDeclaration>::
|
||||
Read(network::mojom::ParsedPermissionsPolicyDeclarationDataView in,
|
||||
network::ParsedPermissionsPolicyDeclaration* out) {
|
||||
out->matches_all_origins = in.matches_all_origins();
|
||||
out->matches_opaque_src = in.matches_opaque_src();
|
||||
return in.ReadFeature(&out->feature) &&
|
||||
in.ReadAllowedOrigins(&out->allowed_origins) &&
|
||||
in.ReadSelfIfMatches(&out->self_if_matches);
|
||||
}
|
||||
|
||||
} // namespace mojo
|
||||
|
@ -9,6 +9,7 @@
|
||||
|
||||
#include "base/component_export.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy.mojom-shared.h"
|
||||
|
||||
namespace mojo {
|
||||
@ -43,6 +44,41 @@ class COMPONENT_EXPORT(NETWORK_CPP)
|
||||
network::OriginWithPossibleWildcards* out);
|
||||
};
|
||||
|
||||
template <>
|
||||
class COMPONENT_EXPORT(NETWORK_CPP)
|
||||
StructTraits<network::mojom::ParsedPermissionsPolicyDeclarationDataView,
|
||||
network::ParsedPermissionsPolicyDeclaration> {
|
||||
public:
|
||||
static network::mojom::PermissionsPolicyFeature feature(
|
||||
const network::ParsedPermissionsPolicyDeclaration& policy) {
|
||||
return policy.feature;
|
||||
}
|
||||
static const std::vector<network::OriginWithPossibleWildcards>&
|
||||
allowed_origins(const network::ParsedPermissionsPolicyDeclaration& policy) {
|
||||
return policy.allowed_origins;
|
||||
}
|
||||
static const std::optional<url::Origin>& self_if_matches(
|
||||
const network::ParsedPermissionsPolicyDeclaration& policy) {
|
||||
return policy.self_if_matches;
|
||||
}
|
||||
static bool matches_all_origins(
|
||||
const network::ParsedPermissionsPolicyDeclaration& policy) {
|
||||
return policy.matches_all_origins;
|
||||
}
|
||||
static bool matches_opaque_src(
|
||||
const network::ParsedPermissionsPolicyDeclaration& policy) {
|
||||
return policy.matches_opaque_src;
|
||||
}
|
||||
static const std::optional<std::string>& reporting_endpoint(
|
||||
const network::ParsedPermissionsPolicyDeclaration& policy) {
|
||||
return policy.reporting_endpoint;
|
||||
}
|
||||
|
||||
static bool Read(
|
||||
network::mojom::ParsedPermissionsPolicyDeclarationDataView in,
|
||||
network::ParsedPermissionsPolicyDeclaration* out);
|
||||
};
|
||||
|
||||
} // namespace mojo
|
||||
|
||||
#endif // SERVICES_NETWORK_PUBLIC_CPP_PERMISSIONS_POLICY_PERMISSIONS_POLICY_MOJOM_TRAITS_H_
|
||||
|
@ -1504,24 +1504,35 @@ mojom("mojom_permissions_policy") {
|
||||
"permissions_policy/permissions_policy_feature.mojom",
|
||||
]
|
||||
|
||||
cpp_typemaps = [
|
||||
public_deps = [ "//url/mojom:url_mojom_origin" ]
|
||||
|
||||
shared_cpp_typemaps = [
|
||||
{
|
||||
types = [
|
||||
{
|
||||
mojom = "network.mojom.OriginWithPossibleWildcards"
|
||||
cpp = "::network::OriginWithPossibleWildcards"
|
||||
},
|
||||
{
|
||||
mojom = "network.mojom.ParsedPermissionsPolicyDeclaration"
|
||||
cpp = "::network::ParsedPermissionsPolicyDeclaration"
|
||||
},
|
||||
]
|
||||
traits_headers = [ "//services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h" ]
|
||||
traits_public_deps = [
|
||||
"//services/network/public/cpp:cpp",
|
||||
"//services/network/public/mojom:url_loader_base",
|
||||
"//url/mojom:mojom_traits",
|
||||
]
|
||||
traits_headers = [ "//services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h" ]
|
||||
traits_private_headers = [ "//services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h" ]
|
||||
traits_public_deps = [ "//services/network/public/mojom:url_loader_base" ]
|
||||
},
|
||||
]
|
||||
cpp_typemaps = shared_cpp_typemaps
|
||||
blink_cpp_typemaps = shared_cpp_typemaps
|
||||
|
||||
if (!is_ios) {
|
||||
export_class_attribute = "BLINK_COMMON_EXPORT"
|
||||
export_define = "BLINK_COMMON_IMPLEMENTATION=1"
|
||||
export_header = "third_party/blink/public/common/common_export.h"
|
||||
export_class_attribute_blink = "BLINK_PLATFORM_EXPORT"
|
||||
export_define_blink = "BLINK_PLATFORM_IMPLEMENTATION=1"
|
||||
export_header_blink = "third_party/blink/public/platform/web_common.h"
|
||||
}
|
||||
|
||||
# Don't scramble message IDs so they are redistributable to external tests.
|
||||
|
@ -4,6 +4,9 @@
|
||||
|
||||
module network.mojom;
|
||||
|
||||
import "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom";
|
||||
import "url/mojom/origin.mojom";
|
||||
|
||||
// This struct mirrors network.mojom.CSPSource, but excludes members not used
|
||||
// in permissions policies like `path`.
|
||||
// TODO(crbug.com/40126948): Consider merging this with CSPSource as discussed
|
||||
@ -15,3 +18,16 @@ struct OriginWithPossibleWildcards {
|
||||
bool is_host_wildcard = false;
|
||||
bool is_port_wildcard = false;
|
||||
};
|
||||
|
||||
// This struct holds permissions policy allowlist data that needs to be replicated
|
||||
// between a RenderFrame and any of its associated RenderFrameProxies. A list of
|
||||
// these form a ParsedPermissionsPolicy.
|
||||
// NOTE: These types are used for replication frame state between processes.
|
||||
struct ParsedPermissionsPolicyDeclaration {
|
||||
PermissionsPolicyFeature feature;
|
||||
array<OriginWithPossibleWildcards> allowed_origins;
|
||||
url.mojom.Origin? self_if_matches;
|
||||
bool matches_all_origins;
|
||||
bool matches_opaque_src;
|
||||
string? reporting_endpoint;
|
||||
};
|
||||
|
4
third_party/blink/common/BUILD.gn
vendored
4
third_party/blink/common/BUILD.gn
vendored
@ -267,12 +267,10 @@ source_set("common") {
|
||||
"permissions/permission_utils.cc",
|
||||
"permissions_policy/document_policy.cc",
|
||||
"permissions_policy/permissions_policy.cc",
|
||||
"permissions_policy/permissions_policy_declaration.cc",
|
||||
"permissions_policy/permissions_policy_features.cc",
|
||||
"permissions_policy/permissions_policy_features_generated.h",
|
||||
"permissions_policy/permissions_policy_features_internal.cc",
|
||||
"permissions_policy/permissions_policy_features_internal.h",
|
||||
"permissions_policy/permissions_policy_mojom_traits.cc",
|
||||
"permissions_policy/policy_value.cc",
|
||||
"renderer_preferences/renderer_preferences.cc",
|
||||
"renderer_preferences/renderer_preferences_mojom_traits.cc",
|
||||
@ -341,6 +339,7 @@ source_set("common") {
|
||||
"//services/metrics/public/cpp:ukm_builders",
|
||||
"//services/metrics/public/mojom:mojom",
|
||||
"//services/network/public/cpp:cpp",
|
||||
"//services/network/public/mojom:mojom_permissions_policy",
|
||||
"//third_party/blink/common/rust_crash",
|
||||
"//third_party/blink/public/common:buildflags",
|
||||
"//third_party/re2",
|
||||
@ -451,7 +450,6 @@ source_set("common_unittests_sources") {
|
||||
"page_state/page_state_serialization_unittest.cc",
|
||||
"peerconnection/webrtc_ip_handling_policy_unittest.cc",
|
||||
"permissions_policy/document_policy_unittest.cc",
|
||||
"permissions_policy/permissions_policy_declaration_unittest.cc",
|
||||
"permissions_policy/permissions_policy_features_internal.h",
|
||||
"permissions_policy/permissions_policy_unittest.cc",
|
||||
"permissions_policy/policy_value_unittest.cc",
|
||||
|
@ -4,10 +4,10 @@
|
||||
|
||||
#include "third_party/blink/public/common/fenced_frame/redacted_fenced_frame_config_mojom_traits.h"
|
||||
|
||||
#include "third_party/blink/common/permissions_policy/permissions_policy_mojom_traits.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h"
|
||||
#include "third_party/blink/public/common/fenced_frame/fenced_frame_utils.h"
|
||||
#include "third_party/blink/public/common/fenced_frame/redacted_fenced_frame_config.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/fenced_frame/fenced_frame_config.mojom.h"
|
||||
|
||||
namespace mojo {
|
||||
@ -171,7 +171,7 @@ bool StructTraits<blink::mojom::SharedStorageBudgetMetadataDataView,
|
||||
}
|
||||
|
||||
// static
|
||||
const std::vector<blink::ParsedPermissionsPolicyDeclaration>&
|
||||
const std::vector<network::ParsedPermissionsPolicyDeclaration>&
|
||||
StructTraits<blink::mojom::ParentPermissionsInfoDataView,
|
||||
blink::FencedFrame::ParentPermissionsInfo>::
|
||||
parsed_permissions_policy(
|
||||
|
@ -3,6 +3,8 @@
|
||||
// found in the LICENSE file.
|
||||
|
||||
#include "third_party/blink/public/common/frame/frame_policy.h"
|
||||
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/web_sandbox_flags.mojom-shared.h"
|
||||
|
||||
namespace blink {
|
||||
@ -15,7 +17,7 @@ FramePolicy::FramePolicy()
|
||||
|
||||
FramePolicy::FramePolicy(
|
||||
network::mojom::WebSandboxFlags sandbox_flags,
|
||||
const ParsedPermissionsPolicy& container_policy,
|
||||
const network::ParsedPermissionsPolicy& container_policy,
|
||||
const DocumentPolicyFeatureState& required_document_policy,
|
||||
mojom::DeferredFetchPolicy deferred_fetch_policy)
|
||||
: sandbox_flags(sandbox_flags),
|
||||
|
@ -5,10 +5,11 @@
|
||||
#ifndef THIRD_PARTY_BLINK_COMMON_FRAME_FRAME_POLICY_MOJOM_TRAITS_H_
|
||||
#define THIRD_PARTY_BLINK_COMMON_FRAME_FRAME_POLICY_MOJOM_TRAITS_H_
|
||||
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h"
|
||||
#include "services/network/public/mojom/web_sandbox_flags.mojom-shared.h"
|
||||
#include "third_party/blink/common/permissions_policy/permissions_policy_mojom_traits.h"
|
||||
#include "third_party/blink/common/permissions_policy/policy_value_mojom_traits.h"
|
||||
#include "third_party/blink/public/common/frame/frame_policy.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/fenced_frame/fenced_frame.mojom-shared.h"
|
||||
#include "third_party/blink/public/mojom/frame/frame_policy.mojom-shared.h"
|
||||
|
||||
@ -18,7 +19,7 @@ template <>
|
||||
class BLINK_COMMON_EXPORT
|
||||
StructTraits<blink::mojom::FramePolicyDataView, blink::FramePolicy> {
|
||||
public:
|
||||
static const std::vector<blink::ParsedPermissionsPolicyDeclaration>&
|
||||
static const std::vector<network::ParsedPermissionsPolicyDeclaration>&
|
||||
container_policy(const blink::FramePolicy& frame_policy) {
|
||||
return frame_policy.container_policy;
|
||||
}
|
||||
|
@ -9,6 +9,7 @@
|
||||
#include "base/memory/ptr_util.h"
|
||||
#include "base/no_destructor.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/resource_request.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
|
||||
#include "services/network/public/mojom/web_sandbox_flags.mojom-shared.h"
|
||||
@ -27,7 +28,7 @@ PermissionsPolicy::Allowlist::Allowlist(const Allowlist& rhs) = default;
|
||||
PermissionsPolicy::Allowlist::~Allowlist() = default;
|
||||
|
||||
PermissionsPolicy::Allowlist PermissionsPolicy::Allowlist::FromDeclaration(
|
||||
const ParsedPermissionsPolicyDeclaration& parsed_declaration) {
|
||||
const network::ParsedPermissionsPolicyDeclaration& parsed_declaration) {
|
||||
auto result = PermissionsPolicy::Allowlist();
|
||||
if (parsed_declaration.self_if_matches) {
|
||||
result.AddSelf(parsed_declaration.self_if_matches);
|
||||
@ -92,8 +93,8 @@ bool PermissionsPolicy::Allowlist::MatchesOpaqueSrc() const {
|
||||
// static
|
||||
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFromParentPolicy(
|
||||
const PermissionsPolicy* parent_policy,
|
||||
const ParsedPermissionsPolicy& header_policy,
|
||||
const ParsedPermissionsPolicy& container_policy,
|
||||
const network::ParsedPermissionsPolicy& header_policy,
|
||||
const network::ParsedPermissionsPolicy& container_policy,
|
||||
const url::Origin& origin,
|
||||
bool headerless) {
|
||||
return CreateFromParentPolicy(parent_policy, header_policy, container_policy,
|
||||
@ -118,8 +119,8 @@ std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CopyStateFrom(
|
||||
|
||||
// static
|
||||
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFromParsedPolicy(
|
||||
const ParsedPermissionsPolicy& parsed_policy,
|
||||
const std::optional<ParsedPermissionsPolicy>& base_policy,
|
||||
const network::ParsedPermissionsPolicy& parsed_policy,
|
||||
const std::optional<network::ParsedPermissionsPolicy>& base_policy,
|
||||
const url::Origin& origin) {
|
||||
return CreateFromParsedPolicy(parsed_policy, base_policy, origin,
|
||||
GetPermissionsPolicyFeatureList(origin));
|
||||
@ -127,8 +128,8 @@ std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFromParsedPolicy(
|
||||
|
||||
// static
|
||||
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFromParsedPolicy(
|
||||
const ParsedPermissionsPolicy& parsed_policy,
|
||||
const std::optional<ParsedPermissionsPolicy>&
|
||||
const network::ParsedPermissionsPolicy& parsed_policy,
|
||||
const std::optional<network::ParsedPermissionsPolicy>&
|
||||
parsed_policy_for_isolated_app,
|
||||
const url::Origin& origin,
|
||||
const PermissionsPolicyFeatureList& features) {
|
||||
@ -342,9 +343,9 @@ std::optional<std::string> PermissionsPolicy::GetEndpointForFeature(
|
||||
// static
|
||||
PermissionsPolicy::AllowlistsAndReportingEndpoints
|
||||
PermissionsPolicy::CreateAllowlistsAndReportingEndpoints(
|
||||
const ParsedPermissionsPolicy& parsed_header) {
|
||||
const network::ParsedPermissionsPolicy& parsed_header) {
|
||||
AllowlistsAndReportingEndpoints allow_lists_and_reporting_endpoints;
|
||||
for (const ParsedPermissionsPolicyDeclaration& parsed_declaration :
|
||||
for (const network::ParsedPermissionsPolicyDeclaration& parsed_declaration :
|
||||
parsed_header) {
|
||||
network::mojom::PermissionsPolicyFeature feature =
|
||||
parsed_declaration.feature;
|
||||
@ -362,12 +363,12 @@ PermissionsPolicy::CreateAllowlistsAndReportingEndpoints(
|
||||
// static
|
||||
PermissionsPolicy::AllowlistsAndReportingEndpoints
|
||||
PermissionsPolicy::CombinePolicies(
|
||||
const ParsedPermissionsPolicy& base_policy,
|
||||
const ParsedPermissionsPolicy& second_policy) {
|
||||
const network::ParsedPermissionsPolicy& base_policy,
|
||||
const network::ParsedPermissionsPolicy& second_policy) {
|
||||
PermissionsPolicy::AllowlistsAndReportingEndpoints
|
||||
allow_lists_and_reporting_endpoints =
|
||||
CreateAllowlistsAndReportingEndpoints(base_policy);
|
||||
for (const ParsedPermissionsPolicyDeclaration& parsed_declaration :
|
||||
for (const network::ParsedPermissionsPolicyDeclaration& parsed_declaration :
|
||||
second_policy) {
|
||||
network::mojom::PermissionsPolicyFeature feature =
|
||||
parsed_declaration.feature;
|
||||
@ -421,10 +422,10 @@ PermissionsPolicy::CombinePolicies(
|
||||
}
|
||||
|
||||
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::WithClientHints(
|
||||
const ParsedPermissionsPolicy& parsed_header) const {
|
||||
const network::ParsedPermissionsPolicy& parsed_header) const {
|
||||
std::map<network::mojom::PermissionsPolicyFeature, Allowlist> allowlists =
|
||||
allowlists_;
|
||||
for (const ParsedPermissionsPolicyDeclaration& parsed_declaration :
|
||||
for (const network::ParsedPermissionsPolicyDeclaration& parsed_declaration :
|
||||
parsed_header) {
|
||||
network::mojom::PermissionsPolicyFeature feature =
|
||||
parsed_declaration.feature;
|
||||
@ -465,8 +466,8 @@ PermissionsPolicy::~PermissionsPolicy() = default;
|
||||
std::unique_ptr<PermissionsPolicy>
|
||||
PermissionsPolicy::CreateFlexibleForFencedFrame(
|
||||
const PermissionsPolicy* parent_policy,
|
||||
const ParsedPermissionsPolicy& header_policy,
|
||||
const ParsedPermissionsPolicy& container_policy,
|
||||
const network::ParsedPermissionsPolicy& header_policy,
|
||||
const network::ParsedPermissionsPolicy& container_policy,
|
||||
const url::Origin& subframe_origin) {
|
||||
return CreateFlexibleForFencedFrame(
|
||||
parent_policy, header_policy, container_policy, subframe_origin,
|
||||
@ -477,8 +478,8 @@ PermissionsPolicy::CreateFlexibleForFencedFrame(
|
||||
std::unique_ptr<PermissionsPolicy>
|
||||
PermissionsPolicy::CreateFlexibleForFencedFrame(
|
||||
const PermissionsPolicy* parent_policy,
|
||||
const ParsedPermissionsPolicy& header_policy,
|
||||
const ParsedPermissionsPolicy& container_policy,
|
||||
const network::ParsedPermissionsPolicy& header_policy,
|
||||
const network::ParsedPermissionsPolicy& container_policy,
|
||||
const url::Origin& subframe_origin,
|
||||
const PermissionsPolicyFeatureList& features) {
|
||||
PermissionsPolicyFeatureState inherited_policies;
|
||||
@ -498,7 +499,7 @@ PermissionsPolicy::CreateFlexibleForFencedFrame(
|
||||
// static
|
||||
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFixedForFencedFrame(
|
||||
const url::Origin& origin,
|
||||
const ParsedPermissionsPolicy& header_policy,
|
||||
const network::ParsedPermissionsPolicy& header_policy,
|
||||
base::span<const network::mojom::PermissionsPolicyFeature>
|
||||
effective_enabled_permissions) {
|
||||
return CreateFixedForFencedFrame(origin, header_policy,
|
||||
@ -509,7 +510,7 @@ std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFixedForFencedFrame(
|
||||
// static
|
||||
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFixedForFencedFrame(
|
||||
const url::Origin& origin,
|
||||
const ParsedPermissionsPolicy& header_policy,
|
||||
const network::ParsedPermissionsPolicy& header_policy,
|
||||
const PermissionsPolicyFeatureList& features,
|
||||
base::span<const network::mojom::PermissionsPolicyFeature>
|
||||
effective_enabled_permissions) {
|
||||
@ -530,8 +531,8 @@ std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFixedForFencedFrame(
|
||||
// static
|
||||
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFromParentPolicy(
|
||||
const PermissionsPolicy* parent_policy,
|
||||
const ParsedPermissionsPolicy& header_policy,
|
||||
const ParsedPermissionsPolicy& container_policy,
|
||||
const network::ParsedPermissionsPolicy& header_policy,
|
||||
const network::ParsedPermissionsPolicy& container_policy,
|
||||
const url::Origin& origin,
|
||||
const PermissionsPolicyFeatureList& features,
|
||||
bool headerless) {
|
||||
@ -624,7 +625,7 @@ bool PermissionsPolicy::InheritedValueForFeature(
|
||||
const PermissionsPolicy* parent_policy,
|
||||
std::pair<network::mojom::PermissionsPolicyFeature,
|
||||
PermissionsPolicyFeatureDefault> feature,
|
||||
const ParsedPermissionsPolicy& container_policy) {
|
||||
const network::ParsedPermissionsPolicy& container_policy) {
|
||||
// 9.7 1: If container is null, return "Enabled".
|
||||
if (!parent_policy) {
|
||||
return true;
|
||||
|
@ -1,25 +0,0 @@
|
||||
// Copyright 2017 The Chromium Authors
|
||||
// Use of this source code is governed by a BSD-style license that can be
|
||||
// found in the LICENSE file.
|
||||
|
||||
#include "third_party/blink/common/permissions_policy/permissions_policy_mojom_traits.h"
|
||||
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "url/mojom/origin_mojom_traits.h"
|
||||
#include "url/origin.h"
|
||||
|
||||
namespace mojo {
|
||||
|
||||
bool StructTraits<blink::mojom::ParsedPermissionsPolicyDeclarationDataView,
|
||||
blink::ParsedPermissionsPolicyDeclaration>::
|
||||
Read(blink::mojom::ParsedPermissionsPolicyDeclarationDataView in,
|
||||
blink::ParsedPermissionsPolicyDeclaration* out) {
|
||||
out->matches_all_origins = in.matches_all_origins();
|
||||
out->matches_opaque_src = in.matches_opaque_src();
|
||||
return in.ReadFeature(&out->feature) &&
|
||||
in.ReadAllowedOrigins(&out->allowed_origins) &&
|
||||
in.ReadSelfIfMatches(&out->self_if_matches);
|
||||
}
|
||||
|
||||
} // namespace mojo
|
@ -1,59 +0,0 @@
|
||||
// Copyright 2017 The Chromium Authors
|
||||
// Use of this source code is governed by a BSD-style license that can be
|
||||
// found in the LICENSE file.
|
||||
|
||||
#ifndef THIRD_PARTY_BLINK_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_MOJOM_TRAITS_H_
|
||||
#define THIRD_PARTY_BLINK_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_MOJOM_TRAITS_H_
|
||||
|
||||
#include <map>
|
||||
|
||||
#include "mojo/public/cpp/bindings/enum_traits.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy.mojom-shared.h"
|
||||
#include "third_party/blink/common/permissions_policy/policy_value_mojom_traits.h"
|
||||
#include "third_party/blink/public/common/common_export.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/permissions_policy/permissions_policy.mojom-shared.h"
|
||||
#include "url/mojom/origin_mojom_traits.h"
|
||||
|
||||
namespace mojo {
|
||||
|
||||
template <>
|
||||
class BLINK_COMMON_EXPORT
|
||||
StructTraits<blink::mojom::ParsedPermissionsPolicyDeclarationDataView,
|
||||
blink::ParsedPermissionsPolicyDeclaration> {
|
||||
public:
|
||||
static network::mojom::PermissionsPolicyFeature feature(
|
||||
const blink::ParsedPermissionsPolicyDeclaration& policy) {
|
||||
return policy.feature;
|
||||
}
|
||||
static const std::vector<network::OriginWithPossibleWildcards>&
|
||||
allowed_origins(const blink::ParsedPermissionsPolicyDeclaration& policy) {
|
||||
return policy.allowed_origins;
|
||||
}
|
||||
static const std::optional<url::Origin>& self_if_matches(
|
||||
const blink::ParsedPermissionsPolicyDeclaration& policy) {
|
||||
return policy.self_if_matches;
|
||||
}
|
||||
static bool matches_all_origins(
|
||||
const blink::ParsedPermissionsPolicyDeclaration& policy) {
|
||||
return policy.matches_all_origins;
|
||||
}
|
||||
static bool matches_opaque_src(
|
||||
const blink::ParsedPermissionsPolicyDeclaration& policy) {
|
||||
return policy.matches_opaque_src;
|
||||
}
|
||||
static const std::optional<std::string>& reporting_endpoint(
|
||||
const blink::ParsedPermissionsPolicyDeclaration& policy) {
|
||||
return policy.reporting_endpoint;
|
||||
}
|
||||
|
||||
static bool Read(blink::mojom::ParsedPermissionsPolicyDeclarationDataView in,
|
||||
blink::ParsedPermissionsPolicyDeclaration* out);
|
||||
};
|
||||
|
||||
} // namespace mojo
|
||||
|
||||
#endif // THIRD_PARTY_BLINK_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_MOJOM_TRAITS_H_
|
@ -12,6 +12,7 @@
|
||||
#include "base/test/gtest_util.h"
|
||||
#include "base/test/scoped_feature_list.h"
|
||||
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/cpp/resource_request.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
@ -77,19 +78,19 @@ class PermissionsPolicyTest : public testing::Test {
|
||||
|
||||
std::unique_ptr<PermissionsPolicy> CreateFromParentPolicy(
|
||||
const PermissionsPolicy* parent,
|
||||
ParsedPermissionsPolicy header_policy,
|
||||
network::ParsedPermissionsPolicy header_policy,
|
||||
const url::Origin& origin,
|
||||
bool headerless = false) {
|
||||
ParsedPermissionsPolicy empty_container_policy;
|
||||
network::ParsedPermissionsPolicy empty_container_policy;
|
||||
return PermissionsPolicy::CreateFromParentPolicy(
|
||||
parent, header_policy, empty_container_policy, origin, feature_list_,
|
||||
headerless);
|
||||
}
|
||||
|
||||
std::unique_ptr<PermissionsPolicy> CreateFromParsedPolicy(
|
||||
const ParsedPermissionsPolicy& parsed_policy,
|
||||
const network::ParsedPermissionsPolicy& parsed_policy,
|
||||
const url::Origin& origin,
|
||||
const std::optional<ParsedPermissionsPolicy>& base_policy =
|
||||
const std::optional<network::ParsedPermissionsPolicy>& base_policy =
|
||||
std::nullopt) {
|
||||
return PermissionsPolicy::CreateFromParsedPolicy(parsed_policy, base_policy,
|
||||
origin, feature_list_);
|
||||
@ -97,8 +98,8 @@ class PermissionsPolicyTest : public testing::Test {
|
||||
|
||||
std::unique_ptr<PermissionsPolicy> CreateFromParentWithFramePolicy(
|
||||
const PermissionsPolicy* parent,
|
||||
ParsedPermissionsPolicy header_policy,
|
||||
const ParsedPermissionsPolicy& frame_policy,
|
||||
network::ParsedPermissionsPolicy header_policy,
|
||||
const network::ParsedPermissionsPolicy& frame_policy,
|
||||
const url::Origin& origin,
|
||||
bool headerless = false) {
|
||||
return PermissionsPolicy::CreateFromParentPolicy(
|
||||
@ -107,16 +108,16 @@ class PermissionsPolicyTest : public testing::Test {
|
||||
|
||||
std::unique_ptr<PermissionsPolicy> CreateFlexibleForFencedFrame(
|
||||
const PermissionsPolicy* parent,
|
||||
ParsedPermissionsPolicy header_policy,
|
||||
network::ParsedPermissionsPolicy header_policy,
|
||||
const url::Origin& origin) {
|
||||
ParsedPermissionsPolicy empty_container_policy;
|
||||
network::ParsedPermissionsPolicy empty_container_policy;
|
||||
return PermissionsPolicy::CreateFlexibleForFencedFrame(
|
||||
parent, header_policy, empty_container_policy, origin, feature_list_);
|
||||
}
|
||||
|
||||
std::unique_ptr<PermissionsPolicy> CreateFixedForFencedFrame(
|
||||
const url::Origin& origin,
|
||||
ParsedPermissionsPolicy header_policy,
|
||||
network::ParsedPermissionsPolicy header_policy,
|
||||
base::span<const network::mojom::PermissionsPolicyFeature>
|
||||
effective_enabled_permissions) {
|
||||
return PermissionsPolicy::CreateFixedForFencedFrame(
|
||||
@ -385,7 +386,7 @@ TEST_F(PermissionsPolicyTest,
|
||||
/*matches_opaque_src=*/false}}},
|
||||
origin_a_);
|
||||
ASSERT_TRUE(policy1->IsFeatureEnabled(kDefaultOffFeature));
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultOffFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_a_,
|
||||
@ -452,7 +453,7 @@ TEST_F(PermissionsPolicyTest,
|
||||
ASSERT_TRUE(policy1->IsFeatureEnabled(kDefaultOffFeature));
|
||||
|
||||
{
|
||||
ParsedPermissionsPolicy frame_policy = {{
|
||||
network::ParsedPermissionsPolicy frame_policy = {{
|
||||
{kDefaultOffFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_a_,
|
||||
@ -491,7 +492,7 @@ TEST_F(PermissionsPolicyTest,
|
||||
// +--------------------------------------------------------------+
|
||||
// Features disabled in the parent should not be enabled in a headerless
|
||||
// subframe.
|
||||
ParsedPermissionsPolicy header_policy = {{
|
||||
network::ParsedPermissionsPolicy header_policy = {{
|
||||
{kDefaultOnFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -512,7 +513,7 @@ TEST_F(PermissionsPolicyTest,
|
||||
ASSERT_FALSE(policy1->IsFeatureEnabled(kDefaultOffFeature));
|
||||
|
||||
{
|
||||
ParsedPermissionsPolicy frame_policy = {{
|
||||
network::ParsedPermissionsPolicy frame_policy = {{
|
||||
{kDefaultOffFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -558,7 +559,7 @@ TEST_F(PermissionsPolicyTest,
|
||||
/*matches_opaque_src=*/false}}},
|
||||
origin_a_);
|
||||
ASSERT_TRUE(policy1->IsFeatureEnabled(kDefaultOffFeature));
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultOffFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -741,7 +742,7 @@ TEST_F(PermissionsPolicyTest, TestSelectiveFrameInheritance2) {
|
||||
/*matches_all_origins=*/false,
|
||||
/*matches_opaque_src=*/false}}},
|
||||
origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -925,7 +926,7 @@ TEST_F(PermissionsPolicyTest, TestEnableForAllOriginsAndDelegate) {
|
||||
/*matches_all_origins=*/true,
|
||||
/*matches_opaque_src=*/false}}},
|
||||
origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -1075,7 +1076,7 @@ TEST_F(PermissionsPolicyTest, TestDefaultSelfRespectsSameOriginEmbedding) {
|
||||
/*matches_all_origins=*/false,
|
||||
/*matches_opaque_src=*/false}}},
|
||||
origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/origin_b_,
|
||||
/*matches_all_origins=*/false,
|
||||
@ -1115,7 +1116,7 @@ TEST_F(PermissionsPolicyTest, TestDelegationRequiredAtAllLevels) {
|
||||
/*matches_all_origins=*/true,
|
||||
/*matches_opaque_src=*/false}}},
|
||||
origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -1186,14 +1187,14 @@ TEST_F(PermissionsPolicyTest, TestEnabledFrameCanDelegate) {
|
||||
// Feature should be enabled in all frames.
|
||||
std::unique_ptr<PermissionsPolicy> policy1 =
|
||||
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/origin_b_,
|
||||
/*matches_all_origins=*/false,
|
||||
/*matches_opaque_src=*/false}}};
|
||||
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy, origin_b_);
|
||||
ParsedPermissionsPolicy frame_policy2 = {
|
||||
network::ParsedPermissionsPolicy frame_policy2 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/origin_c_,
|
||||
/*matches_all_origins=*/false,
|
||||
@ -1315,7 +1316,7 @@ TEST_F(PermissionsPolicyTest, TestFeaturesAreIndependent) {
|
||||
/*matches_all_origins=*/false,
|
||||
/*matches_opaque_src=*/false}}},
|
||||
origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -1329,7 +1330,7 @@ TEST_F(PermissionsPolicyTest, TestFeaturesAreIndependent) {
|
||||
/*matches_opaque_src=*/false}}};
|
||||
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy, origin_b_);
|
||||
ParsedPermissionsPolicy frame_policy2 = {
|
||||
network::ParsedPermissionsPolicy frame_policy2 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_c_,
|
||||
@ -1370,7 +1371,7 @@ TEST_F(PermissionsPolicyTest, TestSimpleFramePolicy) {
|
||||
// <iframe allow="default-self">
|
||||
std::unique_ptr<PermissionsPolicy> policy1 =
|
||||
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -1403,7 +1404,7 @@ TEST_F(PermissionsPolicyTest, TestAllOriginFramePolicy) {
|
||||
// <iframe allowfullscreen>
|
||||
std::unique_ptr<PermissionsPolicy> policy1 =
|
||||
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -1444,7 +1445,7 @@ TEST_F(PermissionsPolicyTest, TestFramePolicyCanBeFurtherDelegated) {
|
||||
// delegated through frame policy.
|
||||
std::unique_ptr<PermissionsPolicy> policy1 =
|
||||
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy1 = {{
|
||||
network::ParsedPermissionsPolicy frame_policy1 = {{
|
||||
{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -1455,7 +1456,7 @@ TEST_F(PermissionsPolicyTest, TestFramePolicyCanBeFurtherDelegated) {
|
||||
}};
|
||||
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy1, origin_b_);
|
||||
ParsedPermissionsPolicy frame_policy2 = {{
|
||||
network::ParsedPermissionsPolicy frame_policy2 = {{
|
||||
{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_c_,
|
||||
@ -1499,14 +1500,14 @@ TEST_F(PermissionsPolicyTest, TestDefaultOnCanBeDisabledByFramePolicy) {
|
||||
// child frames because permission was removed through frame policy.
|
||||
std::unique_ptr<PermissionsPolicy> policy1 =
|
||||
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy1 = {
|
||||
network::ParsedPermissionsPolicy frame_policy1 = {
|
||||
{{kDefaultOnFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/false,
|
||||
/*matches_opaque_src=*/false}}};
|
||||
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy1, origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy2 = {
|
||||
network::ParsedPermissionsPolicy frame_policy2 = {
|
||||
{{kDefaultOnFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/false,
|
||||
@ -1564,14 +1565,14 @@ TEST_F(PermissionsPolicyTest, TestFramePolicyModifiesHeaderPolicy) {
|
||||
/*matches_opaque_src=*/false},
|
||||
}},
|
||||
origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy1 = {
|
||||
network::ParsedPermissionsPolicy frame_policy1 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/false,
|
||||
/*matches_opaque_src=*/false}}};
|
||||
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy1, origin_b_);
|
||||
ParsedPermissionsPolicy frame_policy2 = {{
|
||||
network::ParsedPermissionsPolicy frame_policy2 = {{
|
||||
{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/false,
|
||||
@ -1619,7 +1620,7 @@ TEST_F(PermissionsPolicyTest, TestCombineFrameAndHeaderPolicies) {
|
||||
// 4. Feature should be disabled in frame 3 by frame policy.
|
||||
std::unique_ptr<PermissionsPolicy> policy1 =
|
||||
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy1 = {
|
||||
network::ParsedPermissionsPolicy frame_policy1 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -1634,7 +1635,7 @@ TEST_F(PermissionsPolicyTest, TestCombineFrameAndHeaderPolicies) {
|
||||
/*matches_all_origins=*/true,
|
||||
/*matches_opaque_src=*/false}}},
|
||||
frame_policy1, origin_b_);
|
||||
ParsedPermissionsPolicy frame_policy2 = {
|
||||
network::ParsedPermissionsPolicy frame_policy2 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/false,
|
||||
@ -1678,7 +1679,7 @@ TEST_F(PermissionsPolicyTest, TestFeatureDeclinedAtTopLevel) {
|
||||
/*matches_opaque_src=*/false},
|
||||
}},
|
||||
origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy1 = {{
|
||||
network::ParsedPermissionsPolicy frame_policy1 = {{
|
||||
{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -1689,7 +1690,7 @@ TEST_F(PermissionsPolicyTest, TestFeatureDeclinedAtTopLevel) {
|
||||
}};
|
||||
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy1, origin_b_);
|
||||
ParsedPermissionsPolicy frame_policy2 = {
|
||||
network::ParsedPermissionsPolicy frame_policy2 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -1739,7 +1740,7 @@ TEST_F(PermissionsPolicyTest, TestFeatureDelegatedAndAllowed) {
|
||||
/*matches_all_origins=*/false,
|
||||
/*matches_opaque_src=*/false}}},
|
||||
origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy1 = {
|
||||
network::ParsedPermissionsPolicy frame_policy1 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_a_,
|
||||
@ -1749,7 +1750,7 @@ TEST_F(PermissionsPolicyTest, TestFeatureDelegatedAndAllowed) {
|
||||
/*matches_opaque_src=*/false}}};
|
||||
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy1, origin_b_);
|
||||
ParsedPermissionsPolicy frame_policy2 = {
|
||||
network::ParsedPermissionsPolicy frame_policy2 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -1759,7 +1760,7 @@ TEST_F(PermissionsPolicyTest, TestFeatureDelegatedAndAllowed) {
|
||||
/*matches_opaque_src=*/false}}};
|
||||
std::unique_ptr<PermissionsPolicy> policy3 = CreateFromParentWithFramePolicy(
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy2, origin_b_);
|
||||
ParsedPermissionsPolicy frame_policy3 = {
|
||||
network::ParsedPermissionsPolicy frame_policy3 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -1824,7 +1825,7 @@ TEST_F(PermissionsPolicyTest, TestSandboxedFramePolicyForAllOrigins) {
|
||||
std::unique_ptr<PermissionsPolicy> policy1 =
|
||||
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
|
||||
url::Origin sandboxed_origin = url::Origin();
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -1856,7 +1857,7 @@ TEST_F(PermissionsPolicyTest, TestSandboxedFramePolicyForSelf) {
|
||||
std::unique_ptr<PermissionsPolicy> policy1 =
|
||||
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
|
||||
url::Origin sandboxed_origin = url::Origin();
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/sandboxed_origin,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -1888,7 +1889,7 @@ TEST_F(PermissionsPolicyTest, TestSandboxedFramePolicyForOpaqueSrcOrigin) {
|
||||
std::unique_ptr<PermissionsPolicy> policy1 =
|
||||
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
|
||||
url::Origin sandboxed_origin = url::Origin();
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/false,
|
||||
@ -1924,7 +1925,7 @@ TEST_F(PermissionsPolicyTest, TestSandboxedFrameFromHeaderPolicy) {
|
||||
/*matches_opaque_src=*/false}}},
|
||||
origin_a_);
|
||||
url::Origin sandboxed_origin = url::Origin();
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/false,
|
||||
@ -1958,7 +1959,7 @@ TEST_F(PermissionsPolicyTest, TestSandboxedPolicyIsNotInherited) {
|
||||
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
|
||||
url::Origin sandboxed_origin_1 = url::Origin();
|
||||
url::Origin sandboxed_origin_2 = url::Origin();
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -2005,14 +2006,14 @@ TEST_F(PermissionsPolicyTest, TestSandboxedPolicyCanBePropagated) {
|
||||
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
|
||||
url::Origin sandboxed_origin_1 = origin_a_.DeriveNewOpaqueOrigin();
|
||||
url::Origin sandboxed_origin_2 = sandboxed_origin_1.DeriveNewOpaqueOrigin();
|
||||
ParsedPermissionsPolicy frame_policy_1 = {
|
||||
network::ParsedPermissionsPolicy frame_policy_1 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
/*matches_opaque_src=*/true}}};
|
||||
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy_1, sandboxed_origin_1);
|
||||
ParsedPermissionsPolicy frame_policy_2 = {
|
||||
network::ParsedPermissionsPolicy frame_policy_2 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -2042,7 +2043,7 @@ TEST_F(PermissionsPolicyTest, TestUndefinedFeaturesInFramePolicy) {
|
||||
// present in a container policy.
|
||||
std::unique_ptr<PermissionsPolicy> policy1 =
|
||||
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
|
||||
ParsedPermissionsPolicy frame_policy = {
|
||||
network::ParsedPermissionsPolicy frame_policy = {
|
||||
{{network::mojom::PermissionsPolicyFeature::kNotFound,
|
||||
/*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
@ -2692,7 +2693,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestCompletelyBlockedPolicy) {
|
||||
CreateFromParentPolicy(policy1.get(), /*header_policy=*/{}, origin_b_);
|
||||
EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultSelfFeature));
|
||||
|
||||
ParsedPermissionsPolicy frame_policy4 = {
|
||||
network::ParsedPermissionsPolicy frame_policy4 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -2701,7 +2702,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestCompletelyBlockedPolicy) {
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy4, origin_b_);
|
||||
EXPECT_FALSE(policy4->IsFeatureEnabled(kDefaultSelfFeature));
|
||||
|
||||
ParsedPermissionsPolicy frame_policy5 = {
|
||||
network::ParsedPermissionsPolicy frame_policy5 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -2713,7 +2714,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestCompletelyBlockedPolicy) {
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy5, origin_b_);
|
||||
EXPECT_FALSE(policy5->IsFeatureEnabled(kDefaultSelfFeature));
|
||||
|
||||
ParsedPermissionsPolicy frame_policy6 = {
|
||||
network::ParsedPermissionsPolicy frame_policy6 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_c_,
|
||||
@ -2771,7 +2772,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestDisallowedCrossOriginChildPolicy) {
|
||||
EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultSelfFeature));
|
||||
|
||||
// This is a critical change from the existing semantics.
|
||||
ParsedPermissionsPolicy frame_policy4 = {
|
||||
network::ParsedPermissionsPolicy frame_policy4 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -2781,7 +2782,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestDisallowedCrossOriginChildPolicy) {
|
||||
EXPECT_FALSE(policy4->IsFeatureEnabled(kDefaultSelfFeature));
|
||||
|
||||
// This is a critical change from the existing semantics.
|
||||
ParsedPermissionsPolicy frame_policy5 = {
|
||||
network::ParsedPermissionsPolicy frame_policy5 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -2793,7 +2794,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestDisallowedCrossOriginChildPolicy) {
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy5, origin_b_);
|
||||
EXPECT_FALSE(policy5->IsFeatureEnabled(kDefaultSelfFeature));
|
||||
|
||||
ParsedPermissionsPolicy frame_policy6 = {
|
||||
network::ParsedPermissionsPolicy frame_policy6 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_c_,
|
||||
@ -2855,7 +2856,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestAllowedCrossOriginChildPolicy) {
|
||||
CreateFromParentPolicy(policy1.get(), /*header_policy=*/{}, origin_b_);
|
||||
EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultSelfFeature));
|
||||
|
||||
ParsedPermissionsPolicy frame_policy4 = {
|
||||
network::ParsedPermissionsPolicy frame_policy4 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -2864,7 +2865,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestAllowedCrossOriginChildPolicy) {
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy4, origin_b_);
|
||||
EXPECT_TRUE(policy4->IsFeatureEnabled(kDefaultSelfFeature));
|
||||
|
||||
ParsedPermissionsPolicy frame_policy5 = {
|
||||
network::ParsedPermissionsPolicy frame_policy5 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -2876,7 +2877,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestAllowedCrossOriginChildPolicy) {
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy5, origin_b_);
|
||||
EXPECT_TRUE(policy5->IsFeatureEnabled(kDefaultSelfFeature));
|
||||
|
||||
ParsedPermissionsPolicy frame_policy6 = {
|
||||
network::ParsedPermissionsPolicy frame_policy6 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_c_,
|
||||
@ -2935,7 +2936,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestAllAllowedCrossOriginChildPolicy) {
|
||||
CreateFromParentPolicy(policy1.get(), /*header_policy=*/{}, origin_b_);
|
||||
EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultSelfFeature));
|
||||
|
||||
ParsedPermissionsPolicy frame_policy4 = {
|
||||
network::ParsedPermissionsPolicy frame_policy4 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -2944,7 +2945,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestAllAllowedCrossOriginChildPolicy) {
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy4, origin_b_);
|
||||
EXPECT_TRUE(policy4->IsFeatureEnabled(kDefaultSelfFeature));
|
||||
|
||||
ParsedPermissionsPolicy frame_policy5 = {
|
||||
network::ParsedPermissionsPolicy frame_policy5 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -2956,7 +2957,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestAllAllowedCrossOriginChildPolicy) {
|
||||
policy1.get(), /*header_policy=*/{}, frame_policy5, origin_b_);
|
||||
EXPECT_TRUE(policy5->IsFeatureEnabled(kDefaultSelfFeature));
|
||||
|
||||
ParsedPermissionsPolicy frame_policy6 = {
|
||||
network::ParsedPermissionsPolicy frame_policy6 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_c_,
|
||||
@ -3003,7 +3004,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestNestedPolicyPropagates) {
|
||||
EXPECT_FALSE(policy2->IsFeatureEnabled(kDefaultSelfFeature));
|
||||
|
||||
// The proposed value in frame 2 should affect the proposed value in frame 3.
|
||||
ParsedPermissionsPolicy frame_policy3 = {
|
||||
network::ParsedPermissionsPolicy frame_policy3 = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -3072,7 +3073,7 @@ TEST_F(PermissionsPolicyTest, CreateForSharedStorageFencedFrame) {
|
||||
}
|
||||
|
||||
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicy) {
|
||||
ParsedPermissionsPolicy parsed_policy = {
|
||||
network::ParsedPermissionsPolicy parsed_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_a_,
|
||||
@ -3091,7 +3092,7 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicy) {
|
||||
}
|
||||
|
||||
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyExcludingSelf) {
|
||||
ParsedPermissionsPolicy parsed_policy = {
|
||||
network::ParsedPermissionsPolicy parsed_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -3107,7 +3108,7 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyExcludingSelf) {
|
||||
}
|
||||
|
||||
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithEmptyAllowlist) {
|
||||
ParsedPermissionsPolicy parsed_policy = {
|
||||
network::ParsedPermissionsPolicy parsed_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/false,
|
||||
@ -3118,7 +3119,7 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithEmptyAllowlist) {
|
||||
|
||||
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithBasePolicy) {
|
||||
url::Origin origin_self = url::Origin::Create(GURL("https://example.edu/"));
|
||||
ParsedPermissionsPolicy base_policy = {
|
||||
network::ParsedPermissionsPolicy base_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{
|
||||
*network::OriginWithPossibleWildcards::
|
||||
@ -3131,7 +3132,7 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithBasePolicy) {
|
||||
/*self_if_matches=*/origin_self,
|
||||
/*matches_all_origins=*/false,
|
||||
/*matches_opaque_src=*/false}}};
|
||||
ParsedPermissionsPolicy parsed_policy = {
|
||||
network::ParsedPermissionsPolicy parsed_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{
|
||||
*network::OriginWithPossibleWildcards::
|
||||
@ -3158,12 +3159,12 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithBasePolicy) {
|
||||
TEST_F(PermissionsPolicyTest,
|
||||
CreateFromParsedPolicyWithBasePolicyExcludingSelf) {
|
||||
url::Origin origin_self = url::Origin::Create(GURL("https://example.edu/"));
|
||||
ParsedPermissionsPolicy base_policy = {
|
||||
network::ParsedPermissionsPolicy base_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/false,
|
||||
/*matches_opaque_src=*/false}}};
|
||||
ParsedPermissionsPolicy parsed_policy = {
|
||||
network::ParsedPermissionsPolicy parsed_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/origin_a_,
|
||||
/*matches_all_origins=*/false,
|
||||
@ -3175,12 +3176,12 @@ TEST_F(PermissionsPolicyTest,
|
||||
|
||||
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithoutSelfWithBasePolicy) {
|
||||
url::Origin origin_self = url::Origin::Create(GURL("https://example.edu/"));
|
||||
ParsedPermissionsPolicy base_policy = {
|
||||
network::ParsedPermissionsPolicy base_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/origin_a_,
|
||||
/*matches_all_origins=*/false,
|
||||
/*matches_opaque_src=*/false}}};
|
||||
ParsedPermissionsPolicy parsed_policy = {
|
||||
network::ParsedPermissionsPolicy parsed_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/false,
|
||||
@ -3192,7 +3193,7 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithoutSelfWithBasePolicy) {
|
||||
|
||||
TEST_F(PermissionsPolicyTest,
|
||||
CreateFromParsedPolicyWildcardWithMoreRestrictiveBasePolicy) {
|
||||
ParsedPermissionsPolicy base_policy = {
|
||||
network::ParsedPermissionsPolicy base_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_b_,
|
||||
@ -3200,7 +3201,7 @@ TEST_F(PermissionsPolicyTest,
|
||||
/*self_if_matches=*/origin_a_,
|
||||
/*matches_all_origins=*/false,
|
||||
/*matches_opaque_src=*/false}}};
|
||||
ParsedPermissionsPolicy parsed_policy = {
|
||||
network::ParsedPermissionsPolicy parsed_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
@ -3215,12 +3216,12 @@ TEST_F(PermissionsPolicyTest,
|
||||
}
|
||||
|
||||
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithWildcardBasePolicy) {
|
||||
ParsedPermissionsPolicy base_policy = {
|
||||
network::ParsedPermissionsPolicy base_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
/*matches_opaque_src=*/false}}};
|
||||
ParsedPermissionsPolicy parsed_policy = {
|
||||
network::ParsedPermissionsPolicy parsed_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/
|
||||
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
|
||||
origin_a_,
|
||||
@ -3240,12 +3241,12 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithWildcardBasePolicy) {
|
||||
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithMissingBasePolicy) {
|
||||
// Tests a parsed policy that includes an allowlist for a feature not
|
||||
// declared in the base policy.
|
||||
ParsedPermissionsPolicy base_policy = {
|
||||
network::ParsedPermissionsPolicy base_policy = {
|
||||
{{kDefaultOnFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
/*matches_opaque_src=*/false}}};
|
||||
ParsedPermissionsPolicy parsed_policy = {
|
||||
network::ParsedPermissionsPolicy parsed_policy = {
|
||||
{{kDefaultSelfFeature, /*allowed_origins=*/{},
|
||||
/*self_if_matches=*/std::nullopt,
|
||||
/*matches_all_origins=*/true,
|
||||
|
2
third_party/blink/public/common/BUILD.gn
vendored
2
third_party/blink/public/common/BUILD.gn
vendored
@ -273,7 +273,6 @@ source_set("headers") {
|
||||
"permissions_policy/document_policy.h",
|
||||
"permissions_policy/document_policy_features.h",
|
||||
"permissions_policy/permissions_policy.h",
|
||||
"permissions_policy/permissions_policy_declaration.h",
|
||||
"permissions_policy/permissions_policy_features.h",
|
||||
"permissions_policy/policy_helper_public.h",
|
||||
"permissions_policy/policy_value.h",
|
||||
@ -330,6 +329,7 @@ source_set("headers") {
|
||||
"//mojo/public/cpp/bindings",
|
||||
"//services/metrics/public/cpp:metrics_cpp",
|
||||
"//services/network/public/cpp:cpp",
|
||||
"//services/network/public/mojom:mojom_permissions_policy",
|
||||
"//skia",
|
||||
"//skia/public/mojom:shared_typemap_traits",
|
||||
"//third_party/blink/public:runtime_features_for_public",
|
||||
|
@ -14,9 +14,9 @@
|
||||
#include <vector>
|
||||
|
||||
#include "net/base/schemeful_site.h"
|
||||
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
|
||||
#include "third_party/blink/public/common/common_export.h"
|
||||
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
|
||||
#include "third_party/blink/public/mojom/fenced_frame/fenced_frame_config.mojom-forward.h"
|
||||
#include "ui/gfx/geometry/size.h"
|
||||
#include "url/gurl.h"
|
||||
@ -74,7 +74,7 @@ struct BLINK_COMMON_EXPORT SharedStorageBudgetMetadata {
|
||||
};
|
||||
|
||||
struct BLINK_COMMON_EXPORT ParentPermissionsInfo {
|
||||
std::vector<blink::ParsedPermissionsPolicyDeclaration>
|
||||
std::vector<network::ParsedPermissionsPolicyDeclaration>
|
||||
parsed_permissions_policy;
|
||||
url::Origin origin;
|
||||
};
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user