Closed Bug 1872915 Opened 1 year ago Closed 1 year ago

[wpt-sync] Sync PR 43846 - Allow non-opaque fenced frames to inherit select permissions.

Categories

(Testing :: web-platform-tests, task, P4)

Tracking

(firefox123 fixed)

RESOLVED FIXED
123 Branch
Tracking Status
firefox123 --- fixed

People

(Reporter: wpt-sync, Unassigned)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 43846 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/43846
Details from upstream follow.

Liam Brady <lbrady@google.com> wrote:

Allow non-opaque fenced frames to inherit select permissions.

For fenced frames with unpartitioned data access, they will need to use
Shared Storage in order to read and write the unpartitioned data. They
will also need to be able to call the Private Aggregation API in order
to send reports and telemetry without running the risk of introducing a
fingerprinting vector. Both of those features are permissions
policy-backed features.

Fenced frames do not currently support permissions policies, so none of
these features will be able to be enabled. The reason we disabled
permissions policies originally was to prevent cross-channel
communication from the embedder into the fenced frame. However, fenced
frames with unpartitioned data do allow for data inflow, just not data
outflow. Because of that, we can now allow permissions policies to be
enabled on non-opaque fenced frames (i.e. fenced frames not created
using Protected Audience or Shared Storage).

This CL allows fenced frames to set and inherit permissions policies.
Only Shared Storage and Private Aggregation will be allowed to be
enabled. All other permissions policies will be forced off if attempted
to be enabled, and a console warning will be output for debugging
purposes. Note that fenced frames created through Protected Audience or
Shared Storage will continue to have their existing restrictions, and
this CL will not affect their behavior.

As a feature of its architecture, MPArch does not have access to
permissions policy information in its parent on the renderer side. To
give a fenced frame that access, we need to explicitly give it that
information through the fenced frame properties. This CL adds the parent
frame's parsed permissions policies and its origin to the
FencedFrameConfig and FencedFrameProperties objects. This is done
instead of just adding the PermissionsPolicy object for IPC reasons. The
parsed permissions policies and origin can be sent in an IPC message and
are the 2 pieces needed in order to reconstruct a PermissionsPolicy on
the renderer-side.

This CL also fixes an issue where container policies for fenced frame
roots were not taken into consideration when building the permissions
policy on the renderer side.

This CL explicitly does not modify any permissions policy code related
to client hints. That will be done as a follow up if and when we choose
to allow client hints in fenced frames.

Change-Id: I00e56dc35e07e7dfa16a3b57eb40be384faa8252
Bug: 1515327
Reviewed-on: https://chromium-review.googlesource.com/5150117
WPT-Export-Revision: 2d5761083277eb29164177c0c27a48620ef51470
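
The permission rule the commit message describes for non-opaque fenced frames, as a simplified JavaScript model. This is an added example, not Chromium or WPT code; the feature tokens `shared-storage` and `private-aggregation`, the function names, and the choice to let unspecified features inherit from the parent are assumptions.

```javascript
// Simplified model of the rule in the commit message (assumption, not
// Chromium's implementation). Opaque fenced frames are not modelled.
const INHERITABLE = new Set(["shared-storage", "private-aggregation"]);

// Parse an allow-attribute value such as "shared-storage *; camera 'self'"
// into a Map of feature -> allowlist tokens. A feature listed without an
// allowlist is treated here as 'src' (the frame's own origin).
function parseAllow(attr) {
  const policy = new Map();
  for (const part of (attr || "").split(";")) {
    const [feature, ...allowlist] = part.trim().split(/\s+/).filter(Boolean);
    if (feature) policy.set(feature, allowlist.length ? allowlist : ["'src'"]);
  }
  return policy;
}

// True when the allowlist covers the fenced frame's origin. 'none' and
// unrelated origins match nothing.
function allowlistMatches(allowlist, parentOrigin, frameOrigin) {
  return allowlist.some((t) =>
    t === "*" || t === "'src'" ||
    (t === "'self'" && frameOrigin === parentOrigin) ||
    t === frameOrigin);
}

// parentFeatures: Set of features enabled in the embedding document.
// Returns the features the fenced frame ends up with, plus the warnings a
// browser would log for features that were requested but forced off.
function fencedFramePolicy(parentFeatures, parentOrigin, frameOrigin, allowAttr) {
  const container = parseAllow(allowAttr);
  const enabled = new Set();
  const warnings = [];
  for (const [feature, allowlist] of container) {
    const requested = allowlistMatches(allowlist, parentOrigin, frameOrigin);
    if (!INHERITABLE.has(feature)) {
      if (requested) warnings.push(`${feature} is forced off in fenced frames`);
      continue;
    }
    // The container policy can only narrow what the parent already has.
    if (requested && parentFeatures.has(feature)) enabled.add(feature);
  }
  // Assumption: features the allow attribute does not mention inherit.
  for (const feature of INHERITABLE) {
    if (!container.has(feature) && parentFeatures.has(feature)) enabled.add(feature);
  }
  return { enabled: [...enabled].sort(), warnings };
}
```
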

CI Results

Ran 9 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 6 tests and 2 subtests

Status Summary

Firefox

OK : 6
FAIL: 19

Chrome

OK : 6
FAIL: 19

Safari

OK : 6
FAIL: 19

Details

New Tests That Don't Pass

  • /fenced-frame/default-enabled-features-allow-all.https.html [wpt.fyi]
    • Same-origin fenced frame loads when feature policies are *: FAIL (Chrome: FAIL, Safari: FAIL)
    • Cross-origin fenced frame loads when feature policies are *: FAIL (Chrome: FAIL, Safari: FAIL)
    • A fenced frame that navigates itself to a cross origin page that allows feature policies can still access the feature policies: FAIL (Chrome: FAIL, Safari: FAIL)
    • Cross-origin fenced frames default feature policies follow inheritance rules.: FAIL (Chrome: FAIL, Safari: FAIL)
  • /fenced-frame/default-enabled-features-allow-none.https.html [wpt.fyi]
    • Same-origin fenced frame does not load when feature policies are none: FAIL (Chrome: FAIL, Safari: FAIL)
    • Cross-origin fenced frame does not load when feature policies are none: FAIL (Chrome: FAIL, Safari: FAIL)
    • Flexible permissions fenced frames can have permissions restricted from parent.: FAIL (Chrome: FAIL, Safari: FAIL)
  • /fenced-frame/default-enabled-features-allow-self.https.html [wpt.fyi]
    • Same-origin fenced frame does not load when feature policies are self: FAIL (Chrome: FAIL, Safari: FAIL)
    • Cross-origin fenced frame does not load when feature policies are self: FAIL (Chrome: FAIL, Safari: FAIL)
    • Fenced frames default feature policies should inherit from parent.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Cross-origin fenced frames default feature policies follow inheritance rules.: FAIL (Chrome: FAIL, Safari: FAIL)
  • /fenced-frame/default-enabled-features-allow-unspecified.https.html [wpt.fyi]
    • Fenced frames should inherit features from parent if nothing specified.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Fenced frames default feature policies should inherit when using allow but should be able to further restrict the policies.: FAIL (Chrome: FAIL, Safari: FAIL)
  • /fenced-frame/default-enabled-features-attribute-allow.https.html [wpt.fyi]
    • Same-origin fenced frame with allow attribute enabling required features: FAIL (Chrome: FAIL, Safari: FAIL)
    • Cross-origin fenced frame with allow attribute enabling required features: FAIL (Chrome: FAIL, Safari: FAIL)
    • Delivered policies can further restrict permissions of a fixed permissions fenced frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • Delivered policies can further restrict permissions of a non-opaque fenced frame: FAIL (Chrome: FAIL, Safari: FAIL)
  • /fenced-frame/navigator-keyboard-layout-map.https.html [wpt.fyi]
    • keyboard.getLayoutMap() from non-opaque fenced frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • keyboard.getLayoutMap() from opaque fenced frame: FAIL (Chrome: FAIL, Safari: FAIL)

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5ea736584c1a
[wpt PR 43846] - Allow non-opaque fenced frames to inherit select permissions., a=testonly
https://hg.mozilla.org/integration/autoland/rev/f799de97b097
[wpt PR 43846] - Update wpt metadata, a=testonly

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 123 Branch