Ignore COEP on non-secure contexts

Fixes whatwg#6328
yutakahirano · Jan 28, 2021 · 810bb7e · 810bb7e
1 parent f6bc62f
commit 810bb7e
Showing 1 changed file with 25 additions and 11 deletions.
diff --git a/source b/source
@@ -81047,7 +81047,8 @@ interface <dfn>BarProp</dfn> {
 
       <ol>
        <li><p>Let <var>coep</var> be the result of <span data-x="obtain an embedder
-       policy">obtaining a cross-origin embedder policy</span> from <var>response</var>.</p></li>
+       policy">obtaining a cross-origin embedder policy</span> from <var>response</var> and
+       <var>reservedEnvironment</var>.</p></li>
 
        <li><p>If <var>coep</var>'s <span data-x="embedder-policy-value">value</span> is "<code
        data-x="coep-require-corp">require-corp</code>", then set <var>policy</var>'s <span
@@ -81087,7 +81088,8 @@ interface <dfn>BarProp</dfn> {
 
       <ol>
        <li><p>Let <var>coep</var> be the result of <span data-x="obtain an embedder
-       policy">obtaining a cross-origin embedder policy</span> from <var>response</var>.</p></li>
+       policy">obtaining a cross-origin embedder policy</span> from <var>response</var> and
+       <var>reservedEnvironment</var>.</p></li>
 
        <li>
         <p>If <var>coep</var>'s <span data-x="embedder-policy-value">value</span> is "<code
@@ -82214,11 +82216,15 @@ interface <dfn>BarProp</dfn> {
   <hr>
 
   <p>To <dfn export>obtain an embedder policy</dfn> from a <span
-  data-x="concept-response">response</span> <var>response</var>:</p>
+  data-x="concept-response">response</span> <var>response</var> and an <span>environment</span>
+  <var>environment</var>:</p>
 
   <ol>
    <li><p>Let <var>policy</var> be a new <span>embedder policy</span>.</p></li>
 
+   <li><p>If <var>environment</var> is a <span>non-secure context</span>, then return
+   <var>policy</var>.</p></li>
+
    <li><p>Let <var>parsedItem</var> be the result of <span>getting a structured field value</span>
    with `<code>Cross-Origin-Embedder-Policy</code>` and "<code data-x="">item</code>" from
    <var>response</var>'s <span data-x="concept-response-header-list">header list</span>.</p></li>
@@ -82264,15 +82270,16 @@ interface <dfn>BarProp</dfn> {
   <h4>Embedder policy checks</h4>
 
   <p>To <dfn>check a navigation response's adherence to its embedder policy</dfn> given a <span
-  data-x="concept-response">response</span> <var>response</var> and a <span>browsing context</span>
-  <var>target</var>:</p>
+  data-x="concept-response">response</span> <var>response</var>, a <span>browsing context</span>
+  <var>target</var>, and an <span>environment</span> <var>environment</var>:</p>
 
   <ol>
    <li><p>If <var>target</var> is not a <span>child browsing context</span>, then return
    true.</p></li>
 
    <li><p>Let <var>responsePolicy</var> be the result of <span data-x="obtain an embedder
-   policy">obtaining an embedder policy</span> from <var>response</var>.</p></li>
+   policy">obtaining an embedder policy</span> from <var>response</var> and
+   <var>environment</var>.</p></li>
 
    <li><p>Let <var>parentPolicy</var> be <var>target</var>'s <span
    data-x="bc-container-document">container document</span>'s <span
@@ -84755,10 +84762,13 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
     <var>navigationType</var>, and <var>browsingContext</var> is "<code data-x="">Blocked</code>",
     then set <var>failure</var> to true. <ref spec="CSP"></p>
 
-    <p>Otherwise, if the result of <span data-x="check a navigation response's adherence to its
+    <p>Otherwise, if <var>navigationParams</var>'s <span
+    data-x="navigation-params-reserved-environment">reserved environment</span> is non-null and
+    the result of <span data-x="check a navigation response's adherence to its
     embedder policy">checking a navigation response's adherence to its embedder policy</span> given
-    <var>response</var> and <var>browsingContext</var> is false, then set <var>failure</var> to
-    true.</p>
+    <var>response</var>, <var>browsingContext</var> and <var>navigationParams</var>'s <span
+    data-x="navigation-params-reserved-environment">reserved environment</span> is false, then set
+    <var>failure</var> to true.</p>
 
     <p>Otherwise, if the result of <span data-x="check a navigation response's adherence to
     `X-Frame-Options`">checking a navigation response's adherence to
@@ -85152,7 +85162,11 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
    <li><p>Set <var>document</var>'s <span data-x="concept-document-embedder-policy">embedder
    policy</span> to the result of <span data-x="obtain an embedder policy">obtaining an embedder
    policy</span> from <var>navigationParams</var>'s <span
-   data-x="navigation-params-response">response</span>.</p></li>
+   data-x="navigation-params-response">response</span> and <var>navigationParam</var>'s
+   <span data-x="navigation-params-reserved-environment>reserved environment</span> if
+   <var>navigationParam</var>'s <span data-x="navigation-params-reserved-environment>reserved
+   environment</span> is non-null, and "<code data-x="coep-unsafe-none">unsafe-none</code>"
+   otherwise.</p></li>
 
    <li><p><span>Initialize a <code data-x="">Document</code>'s CSP list</span> given
    <var>document</var>, <var>navigationParams</var>'s <span
@@ -99308,7 +99322,7 @@ interface <dfn>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope</span> {
      <li><p>Otherwise, set <var>worker global scope</var>'s <span
      data-x="concept-WorkerGlobalScope-embedder-policy">embedder policy</span> to the result of
      <span data-x="obtain an embedder policy">obtaining an embedder policy</span> from
-     <var>response</var>.</p></li>
+     <var>response</var> and <var>inside settings</var>.</p></li>
 
      <li>
       <p>If <var>worker global scope</var>'s <span