Closed
Bug 1495362
Opened 6 years ago
Closed 6 years ago
FeaturePolicy: fullscreen
Categories
(Core :: DOM: Core & HTML, enhancement, P2)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla64
Tracking | Status | |
---|---|---|
firefox64 | --- | fixed |
People
(Reporter: baku, Assigned: baku)
References
(Regression)
Details
(Keywords: dev-doc-complete, regression, Whiteboard: [domsecurity-backlog1] [domsecurity-active])
Attachments
(1 file, 1 obsolete file)
15.27 KB,
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
Supporting for 'fullscreen' feature policy.
Assignee | ||
Comment 1•6 years ago
|
||
Attachment #9013217 -
Flags: review?(bugs)
Comment 2•6 years ago
|
||
Comment on attachment 9013217 [details] [diff] [review] 4_feature_fullscreen.patch "FeturePolicy"
Comment 3•6 years ago
|
||
Comment on attachment 9013217 [details] [diff] [review] 4_feature_fullscreen.patch I tried and failed to find a patch which implements FeaturePolicyUtils::IsFeatureAllowed. I assume pages by default allow fullscreen? And then something may disable it? Would it make sense to have FeaturePolicyUtils::IsFeatureDenied, if that is the special case? But anyhow, I can't review this without knowing what FeaturePolicyUtils::IsFeatureAllowed does
Attachment #9013217 -
Flags: review?(bugs)
Comment 4•6 years ago
|
||
(In reply to Olli Pettay [:smaug] (r- if the bug doesn't explain what the change(s) are about.) from comment #3) > I tried and failed to find a patch which implements > FeaturePolicyUtils::IsFeatureAllowed. > > I assume pages by default allow fullscreen? And then something may disable > it? > Would it make sense to have > FeaturePolicyUtils::IsFeatureDenied, if that is the special case? Or perhaps FeaturePolicyUtils::IsFeatureAllowed is fine, but it needs to be clear which features are enabled by default. Is that documented somewhere?
Updated•6 years ago
|
Priority: -- → P2
Assignee | ||
Comment 5•6 years ago
|
||
Comment on attachment 9013217 [details] [diff] [review] 4_feature_fullscreen.patch About the default value, yes I agree with you. But it's not a problem of this particular feature: we should discuss what the default policy value should for any existing feature.
Attachment #9013217 -
Flags: review?(bugs)
Comment 6•6 years ago
|
||
Comment on attachment 9013217 [details] [diff] [review] 4_feature_fullscreen.patch I don't see this patch testing the code path. We need to have tests which do X and keep doing X after this patch too. And then tests which ensure that feature policy can enabled or block fullscreen usage. You said there are wpts, but where exactly? I would expect something to be enabled in this bug. s/FeturePolicy/FeaturePolicy/
Attachment #9013217 -
Flags: review?(bugs) → review-
Assignee | ||
Comment 7•6 years ago
|
||
test included
Attachment #9013217 -
Attachment is obsolete: true
Attachment #9014083 -
Flags: review?(bugs)
Comment 8•6 years ago
|
||
Comment on attachment 9014083 [details] [diff] [review] 4_feature_fullscreen.patch >+++ b/dom/html/HTMLIFrameElement.cpp >@@ -322,14 +322,18 @@ HTMLIFrameElement::RefreshFeaturePolicy( > } > > mFeaturePolicy->InheritPolicy(OwnerDoc()->Policy()); > > if (AllowPaymentRequest()) { > mFeaturePolicy->MaybeSetAllowedPolicy(NS_LITERAL_STRING("payment")); > } > >+ if (AllowFullscreen()) { >+ mFeaturePolicy->MaybeSetAllowedPolicy(NS_LITERAL_STRING("fullscreen")); >+ } >+ ok, so this was missing in the previous patch after all. >+function doRequestFullscreen() { >+ function handler(evt) { >+ document.removeEventListener("fullscreenchange", handler); >+ document.removeEventListener("fullscreenerror", handler); >+ parent.continueTest(evt.type); >+ } Don't you want to call document.exitFullscreen() if fullscreenchange fired. >+ >+ let test = tests.shift(); >+ >+ // Create an iframe with an allowfullscreen but with allow "fullscreen none". This comment is wrong. You aren't creating "fullscreen none" but use the values from the tests array. >+ // The request should be denied, and we should not receive a fullscreenchange >+ // event in this document. and then fix also this. >+ var iframe = document.createElement("iframe"); >+ iframe.setAttribute("allowfullscreen", "true"); >+ iframe.setAttribute("allow", test[0]); >+ iframe.src = INNER_FILE; >+ setupForInnerTest("an iframe+allowfullscreen but denied by FeaturePolicy", event => { And comment needs a fix too > FullscreenDeniedSubDocFullscreen=Request for fullscreen was denied because a subdocument of the document requesting fullscreen is already fullscreen. > FullscreenDeniedNotDescendant=Request for fullscreen was denied because requesting element is not a descendant of the current fullscreen element. > FullscreenDeniedNotFocusedTab=Request for fullscreen was denied because requesting element is not in the currently focused tab. >+FullscreenDeniedFeaturePolicy=Request for fullscreen was denied because against FeturePolicy directives. FeturePolicy. And there is something wrong with the sentence. perhaps ...because of FeaturePolicy directives Please make sure to run the test on try several times. fullscreen tests haven't been too stable in the past. (https://fullscreen.spec.whatwg.org/#feature-policy-integration)
Attachment #9014083 -
Flags: review?(bugs) → review+
Assignee | ||
Comment 9•6 years ago
|
||
> (https://fullscreen.spec.whatwg.org/#feature-policy-integration)
Thanks for the review. Do you want to file a spec bug for the default allowlist? Spec says:
"This specification defines a policy-controlled feature identified by the string "fullscreen". Its default allowlist is 'self'."
But we are implementing 'all' for backward compatibility.
Flags: needinfo?(bugs)
Comment 10•6 years ago
|
||
But allowfullscreen makes the value all, right? All I'm hoping is that pages which _don't_ use feature policy, don't break with all the feature policy stuff.
Flags: needinfo?(bugs)
Assignee | ||
Comment 11•6 years ago
|
||
> But allowfullscreen makes the value all, right?
if allowfullscreen is an attribute, it creates a FeaturePolicy 'fullscreen *' if we don't have any other 'fullscreen' declared directives. I'll add a test for this.
Comment 12•6 years ago
|
||
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/cafd172dc48a FeaturePolicy: fullscreen, r=smaug
Comment 13•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/cafd172dc48a
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox64:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Comment 14•6 years ago
|
||
Comment on attachment 9014083 [details] [diff] [review] 4_feature_fullscreen.patch Review of attachment 9014083 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/locales/en-US/chrome/dom/dom.properties @@ +69,5 @@ > FullscreenDeniedLostWindow=Request for fullscreen was denied because we no longer have a window. > FullscreenDeniedSubDocFullscreen=Request for fullscreen was denied because a subdocument of the document requesting fullscreen is already fullscreen. > FullscreenDeniedNotDescendant=Request for fullscreen was denied because requesting element is not a descendant of the current fullscreen element. > FullscreenDeniedNotFocusedTab=Request for fullscreen was denied because requesting element is not in the currently focused tab. > +FullscreenDeniedFeaturePolicy=Request for fullscreen was denied because against FeturePolicy directives. FeaturePolicy, I guess?
Updated•6 years ago
|
Flags: needinfo?(amarchesini)
QA Contact: overholt
Comment 15•6 years ago
|
||
BTW, why is the string in the patch different from what actually landed? https://hg.mozilla.org/mozilla-central/rev/cafd172dc48a#l7.12 > +FullscreenDeniedFeaturePolicy=Request for fullscreen was denied because of FeturePolicy directives. P.S: no clue why opening a NI reset the QA Contact…
Updated•6 years ago
|
QA Contact: overholt
Comment 16•6 years ago
|
||
Hrm, I mentioned about FeturePolicy misspelling several times here. comment 2 and comment 6 and comment 8.
Assignee | ||
Comment 17•6 years ago
|
||
I didn't find that misspelling in the patch. I thought it was in the code and not in the properties file. I was looking in the wrong place. I'm filing a bug to fix this typo.
Flags: needinfo?(amarchesini)
Updated•6 years ago
|
Keywords: dev-doc-needed
Comment 18•6 years ago
|
||
https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Feature-Policy https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Feature-Policy/fullscreen
Keywords: dev-doc-needed → dev-doc-complete
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
Updated•4 years ago
|
Keywords: regression
Updated•2 years ago
|
Has Regression Range: --- → yes
You need to log in
before you can comment on or make changes to this bug.
Description
•