From 4537d926e08354da3b10beb278a38fdedfa13137 Mon Sep 17 00:00:00 2001 From: Ari Chivukula Date: Thu, 7 Nov 2024 15:36:27 -0800 Subject: [PATCH] Private State Token API Permissions Policy Default Allowlist Wildcard Access to the Private State Token API is gated by Permissions Policy features. We proposed to update the default allowlist for both `private-state-token-issuance` and `private-state-token-redemption` features from self to * (wildcard). https://chromestatus.com/feature/5078049450098688 https://groups.google.com/a/chromium.org/g/blink-dev/c/5jI8kLLdIFw Commit: false Bug: 353738486 Change-Id: I20cba9232d3b6ac874c7c91b254a66573d60578b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5844771 Commit-Queue: Ari Chivukula Reviewed-by: Steven Valdez Cr-Commit-Position: refs/heads/main@{#1380010} --- ...efault-permissions-policy.tentative.https.sub.html | 11 +++++++++-- ...led-by-permissions-policy.tentative.https.sub.html | 10 +++++----- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/permissions-policy/experimental-features/private-state-token-redemption-default-permissions-policy.tentative.https.sub.html b/permissions-policy/experimental-features/private-state-token-redemption-default-permissions-policy.tentative.https.sub.html index 4962b42721dfde..dc6bc5a7dcbdb6 100644 --- a/permissions-policy/experimental-features/private-state-token-redemption-default-permissions-policy.tentative.https.sub.html +++ b/permissions-policy/experimental-features/private-state-token-redemption-default-permissions-policy.tentative.https.sub.html @@ -59,8 +59,15 @@ async_test(t => { test_feature_availability('Private state token redemption', t, cross_origin_src, (data, desc) => { - assert_equals(data.num_operations_enabled, 0, desc); + assert_equals(data.num_operations_enabled, 4, desc); }); - }, header + ' disallows cross-origin iframes.'); + }, header + ' allows cross-origin iframes.'); + + async_test(t => { + test_feature_availability( + 'Private State Token issuance request', t, cross_origin_src, + (data, desc) => {assert_equals(data.num_operations_enabled, 0, desc);}, + 'private-state-token-redemption \'none\''); + }, header + ' and allow="private-state-token-redemption \'none\'" disallows cross-origin iframes.'); diff --git a/permissions-policy/private-state-token-issue-enabled-by-permissions-policy.tentative.https.sub.html b/permissions-policy/private-state-token-issue-enabled-by-permissions-policy.tentative.https.sub.html index 4b446f98d7c34a..e5b8291b3aa0f2 100644 --- a/permissions-policy/private-state-token-issue-enabled-by-permissions-policy.tentative.https.sub.html +++ b/permissions-policy/private-state-token-issue-enabled-by-permissions-policy.tentative.https.sub.html @@ -45,14 +45,14 @@ test_feature_availability('Private State Token issuance request', t, cross_origin_src, (data, desc) => { - assert_equals(data.num_operations_enabled, 0, desc);}); - }, test_desc_begin + ' disallows cross-origin iframes.'); + assert_equals(data.num_operations_enabled, 2, desc);}); + }, test_desc_begin + ' allows cross-origin iframes.'); async_test(t => { test_feature_availability( 'Private State Token issuance request', t, cross_origin_src, - (data, desc) => {assert_equals(data.num_operations_enabled, 2, desc);}, - 'private-state-token-issuance'); - }, test_desc_begin + ' and allow="private-state-token-issuance" allows cross-origin iframes.'); + (data, desc) => {assert_equals(data.num_operations_enabled, 0, desc);}, + 'private-state-token-issuance \'none\''); + }, test_desc_begin + ' and allow="private-state-token-issuance \'none\'" disallows cross-origin iframes.');