Add permissions patches #74
Conversation
|
Is this ready for my review right now or is it still in draft shape? |
This is ready for your review, but is not ready to be taken out of draft. There are a couple TODOs still in the patches that I need your input on how to handle. |
Can you be more specific with what you need help on? |
I'm not entirely sure how to get access to the fenced frame config. There are 2 places where algorithms will need access to a fenced frame config object to get the required permissions to load:
The fenced frame config piece isn't fully spec'd out, and I want to make sure that what I'm trying to do is actually feasible/the fenced frame config object is going to be in a place where both algorithms can access them. |
Let me make sure I understand: these are cases where you are effectively "inside" the fenced frame and you need to access i.e., the "fenced frame properties" implementation-equivalent object in the spec, right? (Basically what we have in DocumentLoader in our implementation inside the FF renderer?) In that case, I think you can do what we do in https://wicg.github.io/fenced-frame/#ref-for-fenced-frame-config-instance%E2%91%A2, including with the XXX box below until I fix that :/ Does that help? |
|
Please feel free to mark all previous discussions has "resolved" with the GitHub UI just so I'm sure which ones still need attention vs which ones are indeed addressed. |
OK this was fixed in #80. Now you can just use https://wicg.github.io/fenced-frame/#navigable-fenced-frame-config-instance as it is referenced elsewhere. |
|
@gtanzer Can you take a look at specifically the changes to fenced frame config (+ instance): https://pr-preview.s3.amazonaws.com/WICG/fenced-frame/74/4686c12...7c8a3ba.html#fenced-frame-config-required-permissions-to-load. |
…ce they are the same
-split off "create a permissions policy" algorithm into fenced and unfenced versions - can load check calls unfenced version, keeps rest of algorithm in tact - modify "create a permissions policy for a navigable from response" step 1 to have a fenced and unfenced if statement
… into liam-permissions
| </div> | ||
|
|
||
| <div algorithm=define-inherited-policy-in-container-patches> | ||
| Modify the [$Define an inherited policy for feature in container at origin$] algorithm to |
There was a problem hiding this comment.
Do we need to also modify this algorithm to "fence" the container policy look-up? Right now https://w3c.github.io/webappsec-permissions-policy/#define-inherited-policy-in-container looks at the container policy (which may contain 'none', self', 'src, '*', or an origin) and runs the "matches" algorithm there. I think we'll need to ensure that 'self', 'src', and "an origin" are "fenced" and fail right? Or is there a reason we don't have to do this?
There was a problem hiding this comment.
Filed #82 so we can just land this PR now.
SHA: cc80a57 Reason: push, by domfarolino Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Preview | Diff