зеркало из https://github.com/mozilla/gecko-dev.git
Backed out changeset 6daf4f561843 (bug 1495303)for failing web-platform tests on /payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html
This commit is contained in:
Родитель
e9fe8be654
Коммит
b5ec6b9d2b
|
@ -174,8 +174,7 @@ HTMLIFrameElement::AfterSetAttr(int32_t aNameSpaceID, nsAtom* aName,
|
|||
}
|
||||
if ((aName == nsGkAtoms::allow ||
|
||||
aName == nsGkAtoms::src ||
|
||||
aName == nsGkAtoms::sandbox ||
|
||||
aName == nsGkAtoms::allowpaymentrequest) &&
|
||||
aName == nsGkAtoms::sandbox) &&
|
||||
StaticPrefs::dom_security_featurePolicy_enabled()) {
|
||||
RefreshFeaturePolicy();
|
||||
}
|
||||
|
@ -308,12 +307,8 @@ HTMLIFrameElement::RefreshFeaturePolicy()
|
|||
|
||||
mFeaturePolicy->InheritPolicy(OwnerDoc()->Policy());
|
||||
|
||||
if (AllowPaymentRequest()) {
|
||||
mFeaturePolicy->MaybeSetAllowedPolicy(NS_LITERAL_STRING("payment"));
|
||||
}
|
||||
|
||||
// TODO: https://wicg.github.io/feature-policy/#process-feature-policy-attributes
|
||||
// requires to check allowfullscreen, and allowusermediarequest
|
||||
// requires to check allowfullscreen, allowpaymentrequest and allowusermediarequest
|
||||
}
|
||||
|
||||
} // namespace dom
|
||||
|
|
|
@ -6,7 +6,6 @@
|
|||
|
||||
#include "BasicCardPayment.h"
|
||||
#include "mozilla/dom/Element.h"
|
||||
#include "mozilla/dom/FeaturePolicyUtils.h"
|
||||
#include "mozilla/dom/PaymentRequest.h"
|
||||
#include "mozilla/dom/PaymentRequestChild.h"
|
||||
#include "mozilla/dom/PaymentResponse.h"
|
||||
|
@ -561,12 +560,6 @@ PaymentRequest::Constructor(const GlobalObject& aGlobal,
|
|||
return nullptr;
|
||||
}
|
||||
|
||||
if (!FeaturePolicyUtils::IsFeatureAllowed(doc,
|
||||
NS_LITERAL_STRING("payment"))) {
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
// Check if AllowPaymentRequest on the owner document
|
||||
if (!doc->AllowPaymentRequest()) {
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
|
|
|
@ -182,18 +182,3 @@ FeaturePolicy::GetAllowlistForFeature(const nsAString& aFeatureName,
|
|||
aList.AppendElement(defaultAllowList);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
FeaturePolicy::MaybeSetAllowedPolicy(const nsAString& aFeatureName)
|
||||
{
|
||||
MOZ_ASSERT(FeaturePolicyUtils::IsSupportedFeature(aFeatureName));
|
||||
|
||||
if (HasDeclaredFeature(aFeatureName)) {
|
||||
return;
|
||||
}
|
||||
|
||||
Feature feature(aFeatureName);
|
||||
feature.SetAllowsAll();
|
||||
|
||||
mFeatures.AppendElement(feature);
|
||||
}
|
||||
|
|
|
@ -101,12 +101,6 @@ public:
|
|||
const nsAString& aSrcOrigin,
|
||||
bool aSrcEnabled);
|
||||
|
||||
// This method creates a policy for aFeatureName allowing it to '*' if it
|
||||
// doesn't exist yet. It's used by HTMLIFrameElement to enable features by
|
||||
// attributes.
|
||||
void
|
||||
MaybeSetAllowedPolicy(const nsAString& aFeatureName);
|
||||
|
||||
// Clears all the declarative policy directives. This is needed when the
|
||||
// 'allow' attribute or the 'src' attribute change for HTMLIFrameElement's
|
||||
// policy.
|
||||
|
|
|
@ -47,6 +47,7 @@ static FeatureMap sSupportedFeatures[] = {
|
|||
{ "microphone", FeatureMap::eSelf },
|
||||
// TODO: not supported yet!!!
|
||||
{ "midi", FeatureMap::eSelf },
|
||||
// TODO: not supported yet!!!
|
||||
{ "payment", FeatureMap::eSelf },
|
||||
// TODO: not supported yet!!!
|
||||
{ "picture-in-picture", FeatureMap::eAll },
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
prefs: [dom.security.featurePolicy.enabled:true, dom.payments.request.enabled:true]
|
||||
prefs: [dom.security.featurePolicy.enabled:true]
|
||||
lsan-allowed: []
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
[payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html]
|
||||
[Feature-Policy allow="payment" allows same-origin relocation.]
|
||||
expected: FAIL
|
||||
|
||||
[Feature-Policy allow="payment" disallows cross-origin relocation.]
|
||||
expected: FAIL
|
||||
|
||||
[Feature-Policy allow="payment" allowpaymentrequest=true allows same-origin relocation.]
|
||||
expected: FAIL
|
||||
|
||||
[Feature-Policy allow="payment" allowpaymentrequest=true disallows cross-origin relocation.]
|
||||
expected: FAIL
|
||||
|
||||
[Feature-Policy allow="payment" allows same-origin navigation in an iframe.]
|
||||
expected: FAIL
|
||||
|
||||
[Feature-Policy allow="payment" allowpaymentrequest=true allows same-origin navigation in an iframe.]
|
||||
expected: FAIL
|
||||
|
|
@ -1,4 +1,7 @@
|
|||
[payment-allowed-by-feature-policy-attribute.https.sub.html]
|
||||
[Feature policy "payment" can be enabled in same-origin iframe using allow="payment" attribute]
|
||||
expected: FAIL
|
||||
|
||||
[Feature policy "payment" can be enabled in cross-origin iframe using allow="payment" attribute]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -1,4 +1,16 @@
|
|||
[payment-allowed-by-feature-policy.https.sub.html]
|
||||
[Feature-Policy header {"payment" : ["*"\]} allows the top-level document.]
|
||||
expected: FAIL
|
||||
|
||||
[Feature-Policy header {"payment" : ["*"\]} allows same-origin iframes.]
|
||||
expected: FAIL
|
||||
|
||||
[Feature-Policy header {"payment" : ["*"\]} allows cross-origin iframes.]
|
||||
expected: FAIL
|
||||
|
||||
[Feature-Policy header {"payment" : ["*"\]} allowpaymentrequest=true allows same-origin iframes.]
|
||||
expected: FAIL
|
||||
|
||||
[Feature-Policy header {"payment" : ["*"\]} allowpaymentrequest=true allows cross-origin iframes.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -1,4 +1,13 @@
|
|||
[payment-default-feature-policy.https.sub.html]
|
||||
[Default "payment" feature policy ["self"\] allows the top-level document.]
|
||||
expected: FAIL
|
||||
|
||||
[Default "payment" feature policy ["self"\] allows same-origin iframes.]
|
||||
expected: FAIL
|
||||
|
||||
[Default "payment" feature policy ["self"\] allowpaymentrequest=true allows same-origin iframes.]
|
||||
expected: FAIL
|
||||
|
||||
[Default "payment" feature policy ["self"\] allowpaymentrequest=true allows cross-origin iframes.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
[payment-disabled-by-feature-policy.https.sub.html]
|
||||
[Feature-Policy header {"payment" : [\]} disallows the top-level document.]
|
||||
expected: FAIL
|
||||
|
|
@ -1 +1 @@
|
|||
prefs: [dom.security.featurePolicy.enabled:true, dom.payments.request.enabled:true]
|
||||
prefs: [dom.payments.request.enabled:true]
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
[allowpaymentrequest-attribute-cross-origin-bc-containers.https.html]
|
||||
[iframe]
|
||||
expected: FAIL
|
||||
expected:
|
||||
if not e10s: FAIL
|
||||
|
||||
[frame]
|
||||
expected:
|
||||
|
|
Загрузка…
Ссылка в новой задаче