Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update permissions policy to match implementation #125

Merged
merged 7 commits into from
Nov 7, 2023
Merged

Update permissions policy to match implementation #125

merged 7 commits into from
Nov 7, 2023

Conversation

blu25
Copy link
Collaborator

@blu25 blu25 commented Sep 28, 2023
edited by pr-preview bot
Loading

The current permisisons policy spec patches correctly have the load blocking algorithm where we won’t load a fenced frame if any of the effective enabled permissions are not set. The patches do not, however, handle setting the permissions policies correctly. The spec allows the create a permissions policy algorithm to simply inherit from its embedder, which allows for information to leak across a fenced boundary.

This PR patches that so that the permissions that are set when a fenced frame loads are only the permissions in the "effective enabled permissions". This will ensure that all the permissions required to load are set (since that is checked at navigation time), but will not allow extra permissions to be enabled (including permissions set in the allow attribute of the fenced frame).

See document for more information.

Preview | Diff

domfarolino
domfarolino reviewed Nov 1, 2023
View reviewed changes
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
domfarolino
domfarolino reviewed Nov 1, 2023
View reviewed changes
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
spec.bs Outdated Show resolved Hide resolved
domfarolino
domfarolino approved these changes Nov 7, 2023
View reviewed changes
Copy link
Collaborator

@domfarolino domfarolino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Beautiful!

@domfarolino domfarolino merged commit f806eda into master Nov 7, 2023
1 check passed
@domfarolino domfarolino deleted the liam-permissions-changes branch November 7, 2023 00:38
github-actions bot added a commit that referenced this pull request Nov 7, 2023
@blu25 @github-actions
Update permissions policy to match implementation (#125)
4f00cf2 
SHA: f806eda
Reason: push, by domfarolino

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@domfarolino domfarolino domfarolino approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@blu25 @domfarolino