Private State Token API Permissions Policy Default Allowlist Wildcard

Access to the Private State Token API is gated by Permissions Policy features. We proposed to update the default allowlist for both `private-state-token-issuance` and `private-state-token-redemption` features from self to * (wildcard). https://chromestatus.com/feature/5078049450098688 https://groups.google.com/a/chromium.org/g/blink-dev/c/5jI8kLLdIFw Commit: false Bug: 353738486 Change-Id: I20cba9232d3b6ac874c7c91b254a66573d60578b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5844771 Commit-Queue: Ari Chivukula <[email protected]> Reviewed-by: Steven Valdez <[email protected]> Cr-Commit-Position: refs/heads/main@{#1380010}
web-platform-tests · Nov 7, 2024 · 4537d92 · 4537d92
1 parent 1b37e8e
commit 4537d92
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 7 deletions.
diff --git a/...atures/private-state-token-redemption-default-permissions-policy.tentative.https.sub.html b/...atures/private-state-token-redemption-default-permissions-policy.tentative.https.sub.html
@@ -59,8 +59,15 @@
     async_test(t => {
       test_feature_availability('Private state token redemption', t, cross_origin_src,
         (data, desc) => {
-          assert_equals(data.num_operations_enabled, 0, desc);
+          assert_equals(data.num_operations_enabled, 4, desc);
         });
-    }, header + ' disallows cross-origin iframes.');
+    }, header + ' allows cross-origin iframes.');
+
+    async_test(t => {
+    test_feature_availability(
+        'Private State Token issuance request', t, cross_origin_src,
+        (data, desc) => {assert_equals(data.num_operations_enabled, 0, desc);},
+        'private-state-token-redemption \'none\'');
+  }, header + ' and allow="private-state-token-redemption \'none\'" disallows cross-origin iframes.');
   </script>
 </body>
diff --git a/...s-policy/private-state-token-issue-enabled-by-permissions-policy.tentative.https.sub.html b/...s-policy/private-state-token-issue-enabled-by-permissions-policy.tentative.https.sub.html
@@ -45,14 +45,14 @@
     test_feature_availability('Private State Token issuance request', t,
         cross_origin_src,
         (data, desc) => {
-            assert_equals(data.num_operations_enabled, 0, desc);});
-  }, test_desc_begin + ' disallows cross-origin iframes.');
+            assert_equals(data.num_operations_enabled, 2, desc);});
+  }, test_desc_begin + ' allows cross-origin iframes.');
 
   async_test(t => {
     test_feature_availability(
         'Private State Token issuance request', t, cross_origin_src,
-        (data, desc) => {assert_equals(data.num_operations_enabled, 2, desc);},
-        'private-state-token-issuance');
-  }, test_desc_begin + ' and allow="private-state-token-issuance" allows cross-origin iframes.');
+        (data, desc) => {assert_equals(data.num_operations_enabled, 0, desc);},
+        'private-state-token-issuance \'none\'');
+  }, test_desc_begin + ' and allow="private-state-token-issuance \'none\'" disallows cross-origin iframes.');
   </script>
 </body>