Bug 1460986 - Implement publickey-credentials-get in pp. r=jschanck,d…

…veditz This implements publickey-credentials-get in Permissions-Policy. This allows for cross-origin credentials.get() which is currently only possible in Chrome. This is similar to D42445 but uses the correct name from https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy#directives Credential creation is not touched since there is no specification for it yet: w3c/webauthn#1656 Differential Revision: https://phabricator.services.mozilla.com/D174108
mozilla · Aug 17, 2023 · 6b3e566 · 6b3e566
1 parent 54ebd5b
commit 6b3e566
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 1 deletion.
diff --git a/dom/credentialmanagement/CredentialsContainer.cpp b/dom/credentialmanagement/CredentialsContainer.cpp
@@ -6,6 +6,7 @@
 
 #include "mozilla/dom/Credential.h"
 #include "mozilla/dom/CredentialsContainer.h"
+#include "mozilla/dom/FeaturePolicyUtils.h"
 #include "mozilla/dom/IdentityCredential.h"
 #include "mozilla/dom/Promise.h"
 #include "mozilla/StaticPrefs_dom.h"
@@ -145,7 +146,10 @@ already_AddRefed<Promise> CredentialsContainer::Get(
 
   if (aOptions.mPublicKey.WasPassed() &&
       StaticPrefs::security_webauth_webauthn()) {
-    if (!IsSameOriginWithAncestors(mParent) || !IsInActiveTab(mParent)) {
+    MOZ_ASSERT(mParent);
+    if (!FeaturePolicyUtils::IsFeatureAllowed(
+            mParent->GetExtantDoc(), u"publickey-credentials-get"_ns) ||
+        !IsInActiveTab(mParent)) {
       return CreateAndRejectWithNotAllowed(mParent, aRv);
     }
 

diff --git a/dom/security/featurepolicy/FeaturePolicyUtils.cpp b/dom/security/featurepolicy/FeaturePolicyUtils.cpp
@@ -36,6 +36,8 @@ static FeatureMap sSupportedFeatures[] = {
     {"fullscreen", FeaturePolicyUtils::FeaturePolicyValue::eSelf},
     {"web-share", FeaturePolicyUtils::FeaturePolicyValue::eSelf},
     {"gamepad", FeaturePolicyUtils::FeaturePolicyValue::eAll},
+    {"publickey-credentials-get",
+     FeaturePolicyUtils::FeaturePolicyValue::eSelf},
     {"speaker-selection", FeaturePolicyUtils::FeaturePolicyValue::eSelf},
     {"storage-access", FeaturePolicyUtils::FeaturePolicyValue::eAll},
 };

diff --git a/dom/security/featurepolicy/test/mochitest/test_featureList.html b/dom/security/featurepolicy/test/mochitest/test_featureList.html
@@ -19,6 +19,7 @@
   "microphone",
   "midi",
   "payment",
+  "publickey-credentials-get",
   "storage-access",
   "display-capture",
   "document-domain",