-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make about:srcdoc to inherit PolicyContainer from history. #8057
Make about:srcdoc to inherit PolicyContainer from history. #8057
Conversation
This is the current behavior of Chrome and Firefox: See WPT. https://wpt.fyi/results/content-security-policy/inheritance/iframe-srcdoc-history-inheritance.html?label=experimental&label=master&aligned I would like to update the specification and the WPT test to align with the current browsers behaviors. See: whatwg#6809
Question: @antosart FYI: in case I am missing some changes in the spec. |
This correspond to HTML PR: whatwg/html#8057 We should wait for the HTML PR to be merged before reflecting this into the test. This makes the test to pass on Chrome and Firefox, who both restore PolicyContainer from history. Bug:1329190 Change-Id: Ib9dfd5a592295cbabb5dffbb690e430c350161ce
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
In general you can assume that browsers which already implement a change, support implementing that change :). So you can check that box.
It would be good to submit a WebKit bug, perhaps for the general area of srcdoc history navigation, with a pointer to any relevant web platform tests. (Especially ones which pass in the two other engines.)
I will wait for @antosart to double-check before merging.
Would you be able to add tests for the other things in the policy container, BTW? Referrer policy at least seems easy enough to test. Maybe embedder policy is not easy to test or does not give a different result anyway due to the consistency guarantees for the frame... |
Yes. Good idea! I remember I already reviewed @antosart adding a test for this (Thanks!): The test is expecting the new proposed behavior. That's very interesting. We see Firefox doesn't inherit the referrer policy from history, contrary to CSP. I guess this require me to ask Firefox their position. I will do next week! |
I think it is OK to treat Firefox's inconsistency here (restoring CSP, and the document itself, but not the referrer policy) as a bug. So we can merge this as-is. |
This correspond to HTML PR: whatwg/html#8057 We should wait for the HTML PR to be merged before reflecting this into the test. This makes the test to pass on Chrome and Firefox, who both restore PolicyContainer from history. Bug: 1329190 Change-Id: Ib9dfd5a592295cbabb5dffbb690e430c350161ce Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3735763 Commit-Queue: Arthur Sonzogni <[email protected]> Reviewed-by: Antonio Sartori <[email protected]> Cr-Commit-Position: refs/heads/main@{#1024257}
This correspond to HTML PR: whatwg/html#8057 We should wait for the HTML PR to be merged before reflecting this into the test. This makes the test to pass on Chrome and Firefox, who both restore PolicyContainer from history. Bug: 1329190 Change-Id: Ib9dfd5a592295cbabb5dffbb690e430c350161ce Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3735763 Commit-Queue: Arthur Sonzogni <[email protected]> Reviewed-by: Antonio Sartori <[email protected]> Cr-Commit-Position: refs/heads/main@{#1024257}
This correspond to HTML PR: whatwg/html#8057 We should wait for the HTML PR to be merged before reflecting this into the test. This makes the test to pass on Chrome and Firefox, who both restore PolicyContainer from history. Bug: 1329190 Change-Id: Ib9dfd5a592295cbabb5dffbb690e430c350161ce Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3735763 Commit-Queue: Arthur Sonzogni <[email protected]> Reviewed-by: Antonio Sartori <[email protected]> Cr-Commit-Position: refs/heads/main@{#1024257}
…iner from history., a=testonly Automatic update from web-platform-tests Make about:srcdoc to inherit PolicyContainer from history. This correspond to HTML PR: whatwg/html#8057 We should wait for the HTML PR to be merged before reflecting this into the test. This makes the test to pass on Chrome and Firefox, who both restore PolicyContainer from history. Bug: 1329190 Change-Id: Ib9dfd5a592295cbabb5dffbb690e430c350161ce Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3735763 Commit-Queue: Arthur Sonzogni <[email protected]> Reviewed-by: Antonio Sartori <[email protected]> Cr-Commit-Position: refs/heads/main@{#1024257} -- wpt-commits: 5152f7028dd6db37dfaa12f52fa467833cabd8e5 wpt-pr: 34659
…iner from history., a=testonly Automatic update from web-platform-tests Make about:srcdoc to inherit PolicyContainer from history. This correspond to HTML PR: whatwg/html#8057 We should wait for the HTML PR to be merged before reflecting this into the test. This makes the test to pass on Chrome and Firefox, who both restore PolicyContainer from history. Bug: 1329190 Change-Id: Ib9dfd5a592295cbabb5dffbb690e430c350161ce Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3735763 Commit-Queue: Arthur Sonzogni <[email protected]> Reviewed-by: Antonio Sartori <[email protected]> Cr-Commit-Position: refs/heads/main@{#1024257} -- wpt-commits: 5152f7028dd6db37dfaa12f52fa467833cabd8e5 wpt-pr: 34659
This correspond to HTML PR: whatwg/html#8057 We should wait for the HTML PR to be merged before reflecting this into the test. This makes the test to pass on Chrome and Firefox, who both restore PolicyContainer from history. Bug: 1329190 Change-Id: Ib9dfd5a592295cbabb5dffbb690e430c350161ce Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3735763 Commit-Queue: Arthur Sonzogni <[email protected]> Reviewed-by: Antonio Sartori <[email protected]> Cr-Commit-Position: refs/heads/main@{#1024257} NOKEYCHECK=True GitOrigin-RevId: dd835784014c20f5f70f2fb472a29eab6fdfdaa3
This is the current behavior of Chrome and Firefox. Safari do not support history navigations at all.
See WPT.
https://wpt.fyi/results/content-security-policy/inheritance/iframe-srcdoc-history-inheritance.html?label=experimental&label=master&aligned
I would like to align the specification and WPTs to match the current browsers behaviors.
See: #6809
(See WHATWG Working Mode: Changes for more details.)
/origin.html ( diff )