Send reports for Permissions Policy violations in iframe to parent frame's endpoint #546
+99
−12
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Friendly ping @clelland :) |
|
@clelland, I've introduced |
clelland
reviewed
Aug 14, 2024
clelland
reviewed
Aug 14, 2024
|
@clelland, PTAL when you have time! |
clelland
reviewed
Sep 6, 2024
Add a monkey patch
clelland
reviewed
Sep 21, 2024
|
This is looking really good, @shhnjk - other than one nit, I think it's probably good to merge |
|
@clelland feel free to merge this :) |
|
Thanks, @shhnjk ! This looks good now. |
aarongable
pushed a commit
to chromium/chromium
that referenced
this pull request
Jan 8, 2025
Implements w3c/webappsec-permissions-policy#546 Bug: 40941424 Change-Id: I969a7ce326986b2a05f9417038f5d164ca6308dc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5925839 Reviewed-by: Ian Clelland <[email protected]> Reviewed-by: Mustafa Emre Acer <[email protected]> Auto-Submit: Jun Kokatsu <[email protected]> Commit-Queue: Mustafa Emre Acer <[email protected]> Cr-Commit-Position: refs/heads/main@{#1403647}
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jan 8, 2025
Implements w3c/webappsec-permissions-policy#546 Bug: 40941424 Change-Id: I969a7ce326986b2a05f9417038f5d164ca6308dc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5925839 Reviewed-by: Ian Clelland <[email protected]> Reviewed-by: Mustafa Emre Acer <[email protected]> Auto-Submit: Jun Kokatsu <[email protected]> Commit-Queue: Mustafa Emre Acer <[email protected]> Cr-Commit-Position: refs/heads/main@{#1403647}
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jan 8, 2025
Implements w3c/webappsec-permissions-policy#546 Bug: 40941424 Change-Id: I969a7ce326986b2a05f9417038f5d164ca6308dc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5925839 Reviewed-by: Ian Clelland <[email protected]> Reviewed-by: Mustafa Emre Acer <[email protected]> Auto-Submit: Jun Kokatsu <[email protected]> Commit-Queue: Mustafa Emre Acer <[email protected]> Cr-Commit-Position: refs/heads/main@{#1403647}
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Jan 13, 2025
…ial permissions policy violation, a=testonly Automatic update from web-platform-tests Add a runtime enabled feature for potential permissions policy violation Implements w3c/webappsec-permissions-policy#546 Bug: 40941424 Change-Id: I969a7ce326986b2a05f9417038f5d164ca6308dc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5925839 Reviewed-by: Ian Clelland <[email protected]> Reviewed-by: Mustafa Emre Acer <[email protected]> Auto-Submit: Jun Kokatsu <[email protected]> Commit-Queue: Mustafa Emre Acer <[email protected]> Cr-Commit-Position: refs/heads/main@{#1403647} -- wpt-commits: 0da5f39aed96a8635d840b0c39ebf28133d1b218 wpt-pr: 49978
sadym-chromium
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jan 14, 2025
Implements w3c/webappsec-permissions-policy#546 Bug: 40941424 Change-Id: I969a7ce326986b2a05f9417038f5d164ca6308dc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5925839 Reviewed-by: Ian Clelland <[email protected]> Reviewed-by: Mustafa Emre Acer <[email protected]> Auto-Submit: Jun Kokatsu <[email protected]> Commit-Queue: Mustafa Emre Acer <[email protected]> Cr-Commit-Position: refs/heads/main@{#1403647}
i3roly
pushed a commit
to i3roly/firefox-dynasty
that referenced
this pull request
Jan 14, 2025
…ial permissions policy violation, a=testonly Automatic update from web-platform-tests Add a runtime enabled feature for potential permissions policy violation Implements w3c/webappsec-permissions-policy#546 Bug: 40941424 Change-Id: I969a7ce326986b2a05f9417038f5d164ca6308dc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5925839 Reviewed-by: Ian Clelland <[email protected]> Reviewed-by: Mustafa Emre Acer <[email protected]> Auto-Submit: Jun Kokatsu <[email protected]> Commit-Queue: Mustafa Emre Acer <[email protected]> Cr-Commit-Position: refs/heads/main@{#1403647} -- wpt-commits: 0da5f39aed96a8635d840b0c39ebf28133d1b218 wpt-pr: 49978
This was referenced Jan 15, 2025
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified-and-comments-removed
that referenced
this pull request
Jan 16, 2025
…ial permissions policy violation, a=testonly Automatic update from web-platform-tests Add a runtime enabled feature for potential permissions policy violation Implements w3c/webappsec-permissions-policy#546 Bug: 40941424 Change-Id: I969a7ce326986b2a05f9417038f5d164ca6308dc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5925839 Reviewed-by: Ian Clelland <iclellandchromium.org> Reviewed-by: Mustafa Emre Acer <meacerchromium.org> Auto-Submit: Jun Kokatsu <jkokatsugoogle.com> Commit-Queue: Mustafa Emre Acer <meacerchromium.org> Cr-Commit-Position: refs/heads/main{#1403647} -- wpt-commits: 0da5f39aed96a8635d840b0c39ebf28133d1b218 wpt-pr: 49978 UltraBlame original commit: 60d9a821c4239f18f01e796616ff8a0a32733e6d
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-comments-removed
that referenced
this pull request
Jan 16, 2025
…ial permissions policy violation, a=testonly Automatic update from web-platform-tests Add a runtime enabled feature for potential permissions policy violation Implements w3c/webappsec-permissions-policy#546 Bug: 40941424 Change-Id: I969a7ce326986b2a05f9417038f5d164ca6308dc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5925839 Reviewed-by: Ian Clelland <iclellandchromium.org> Reviewed-by: Mustafa Emre Acer <meacerchromium.org> Auto-Submit: Jun Kokatsu <jkokatsugoogle.com> Commit-Queue: Mustafa Emre Acer <meacerchromium.org> Cr-Commit-Position: refs/heads/main{#1403647} -- wpt-commits: 0da5f39aed96a8635d840b0c39ebf28133d1b218 wpt-pr: 49978 UltraBlame original commit: 60d9a821c4239f18f01e796616ff8a0a32733e6d
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified
that referenced
this pull request
Jan 16, 2025
…ial permissions policy violation, a=testonly Automatic update from web-platform-tests Add a runtime enabled feature for potential permissions policy violation Implements w3c/webappsec-permissions-policy#546 Bug: 40941424 Change-Id: I969a7ce326986b2a05f9417038f5d164ca6308dc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5925839 Reviewed-by: Ian Clelland <iclellandchromium.org> Reviewed-by: Mustafa Emre Acer <meacerchromium.org> Auto-Submit: Jun Kokatsu <jkokatsugoogle.com> Commit-Queue: Mustafa Emre Acer <meacerchromium.org> Cr-Commit-Position: refs/heads/main{#1403647} -- wpt-commits: 0da5f39aed96a8635d840b0c39ebf28133d1b218 wpt-pr: 49978 UltraBlame original commit: 60d9a821c4239f18f01e796616ff8a0a32733e6d
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change implements permission policy reporting for potential Permissions Policy violations to parent frames.
Currently, Permissions Policy violations inside an iframe is not sent to parent frame, because of security concerns. However, this makes it difficult for websites to roll out Permissions Policy because the site owner does not have insight into permission breakage in iframes.
The change is implemented in a way that it does not leak any new information to parent frame, while sending signals that iframes might be affected by the Permissions Policy.
Fixes: #537
Preview | Diff