Backed out changeset 6daf4f561843 (bug 1495303)for failing web-platform tests on /payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html

This commit is contained in:
arthur.iakab 2018-10-01 14:51:26 +03:00
Родитель e9fe8be654
Коммит b5ec6b9d2b
13 изменённых файлов: 54 добавлений и 38 удалений

Просмотреть файл

@ -174,8 +174,7 @@ HTMLIFrameElement::AfterSetAttr(int32_t aNameSpaceID, nsAtom* aName,
}
if ((aName == nsGkAtoms::allow ||
aName == nsGkAtoms::src ||
aName == nsGkAtoms::sandbox ||
aName == nsGkAtoms::allowpaymentrequest) &&
aName == nsGkAtoms::sandbox) &&
StaticPrefs::dom_security_featurePolicy_enabled()) {
RefreshFeaturePolicy();
}
@ -308,12 +307,8 @@ HTMLIFrameElement::RefreshFeaturePolicy()
mFeaturePolicy->InheritPolicy(OwnerDoc()->Policy());
if (AllowPaymentRequest()) {
mFeaturePolicy->MaybeSetAllowedPolicy(NS_LITERAL_STRING("payment"));
}
// TODO: https://wicg.github.io/feature-policy/#process-feature-policy-attributes
// requires to check allowfullscreen, and allowusermediarequest
// requires to check allowfullscreen, allowpaymentrequest and allowusermediarequest
}
} // namespace dom

Просмотреть файл

@ -6,7 +6,6 @@
#include "BasicCardPayment.h"
#include "mozilla/dom/Element.h"
#include "mozilla/dom/FeaturePolicyUtils.h"
#include "mozilla/dom/PaymentRequest.h"
#include "mozilla/dom/PaymentRequestChild.h"
#include "mozilla/dom/PaymentResponse.h"
@ -561,12 +560,6 @@ PaymentRequest::Constructor(const GlobalObject& aGlobal,
return nullptr;
}
if (!FeaturePolicyUtils::IsFeatureAllowed(doc,
NS_LITERAL_STRING("payment"))) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
return nullptr;
}
// Check if AllowPaymentRequest on the owner document
if (!doc->AllowPaymentRequest()) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);

Просмотреть файл

@ -182,18 +182,3 @@ FeaturePolicy::GetAllowlistForFeature(const nsAString& aFeatureName,
aList.AppendElement(defaultAllowList);
}
}
void
FeaturePolicy::MaybeSetAllowedPolicy(const nsAString& aFeatureName)
{
MOZ_ASSERT(FeaturePolicyUtils::IsSupportedFeature(aFeatureName));
if (HasDeclaredFeature(aFeatureName)) {
return;
}
Feature feature(aFeatureName);
feature.SetAllowsAll();
mFeatures.AppendElement(feature);
}

Просмотреть файл

@ -101,12 +101,6 @@ public:
const nsAString& aSrcOrigin,
bool aSrcEnabled);
// This method creates a policy for aFeatureName allowing it to '*' if it
// doesn't exist yet. It's used by HTMLIFrameElement to enable features by
// attributes.
void
MaybeSetAllowedPolicy(const nsAString& aFeatureName);
// Clears all the declarative policy directives. This is needed when the
// 'allow' attribute or the 'src' attribute change for HTMLIFrameElement's
// policy.

Просмотреть файл

@ -47,6 +47,7 @@ static FeatureMap sSupportedFeatures[] = {
{ "microphone", FeatureMap::eSelf },
// TODO: not supported yet!!!
{ "midi", FeatureMap::eSelf },
// TODO: not supported yet!!!
{ "payment", FeatureMap::eSelf },
// TODO: not supported yet!!!
{ "picture-in-picture", FeatureMap::eAll },

Просмотреть файл

@ -1,2 +1,2 @@
prefs: [dom.security.featurePolicy.enabled:true, dom.payments.request.enabled:true]
prefs: [dom.security.featurePolicy.enabled:true]
lsan-allowed: []

Просмотреть файл

@ -0,0 +1,19 @@
[payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html]
[Feature-Policy allow="payment" allows same-origin relocation.]
expected: FAIL
[Feature-Policy allow="payment" disallows cross-origin relocation.]
expected: FAIL
[Feature-Policy allow="payment" allowpaymentrequest=true allows same-origin relocation.]
expected: FAIL
[Feature-Policy allow="payment" allowpaymentrequest=true disallows cross-origin relocation.]
expected: FAIL
[Feature-Policy allow="payment" allows same-origin navigation in an iframe.]
expected: FAIL
[Feature-Policy allow="payment" allowpaymentrequest=true allows same-origin navigation in an iframe.]
expected: FAIL

Просмотреть файл

@ -1,4 +1,7 @@
[payment-allowed-by-feature-policy-attribute.https.sub.html]
[Feature policy "payment" can be enabled in same-origin iframe using allow="payment" attribute]
expected: FAIL
[Feature policy "payment" can be enabled in cross-origin iframe using allow="payment" attribute]
expected: FAIL

Просмотреть файл

@ -1,4 +1,16 @@
[payment-allowed-by-feature-policy.https.sub.html]
[Feature-Policy header {"payment" : ["*"\]} allows the top-level document.]
expected: FAIL
[Feature-Policy header {"payment" : ["*"\]} allows same-origin iframes.]
expected: FAIL
[Feature-Policy header {"payment" : ["*"\]} allows cross-origin iframes.]
expected: FAIL
[Feature-Policy header {"payment" : ["*"\]} allowpaymentrequest=true allows same-origin iframes.]
expected: FAIL
[Feature-Policy header {"payment" : ["*"\]} allowpaymentrequest=true allows cross-origin iframes.]
expected: FAIL

Просмотреть файл

@ -1,4 +1,13 @@
[payment-default-feature-policy.https.sub.html]
[Default "payment" feature policy ["self"\] allows the top-level document.]
expected: FAIL
[Default "payment" feature policy ["self"\] allows same-origin iframes.]
expected: FAIL
[Default "payment" feature policy ["self"\] allowpaymentrequest=true allows same-origin iframes.]
expected: FAIL
[Default "payment" feature policy ["self"\] allowpaymentrequest=true allows cross-origin iframes.]
expected: FAIL

Просмотреть файл

@ -0,0 +1,4 @@
[payment-disabled-by-feature-policy.https.sub.html]
[Feature-Policy header {"payment" : [\]} disallows the top-level document.]
expected: FAIL

Просмотреть файл

@ -1 +1 @@
prefs: [dom.security.featurePolicy.enabled:true, dom.payments.request.enabled:true]
prefs: [dom.payments.request.enabled:true]

Просмотреть файл

@ -1,6 +1,7 @@
[allowpaymentrequest-attribute-cross-origin-bc-containers.https.html]
[iframe]
expected: FAIL
expected:
if not e10s: FAIL
[frame]
expected: