Backed out changeset 6daf4f561843 (bug 1495303)for failing web-platform tests on /payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html

2018-10-01 14:51:26 +03:00 · 2018-10-01 14:51:26 +03:00 · b5ec6b9d2b
--- a/dom/html/HTMLIFrameElement.cpp
+++ b/dom/html/HTMLIFrameElement.cpp
@ -174,8 +174,7 @@ HTMLIFrameElement::AfterSetAttr(int32_t aNameSpaceID, nsAtom* aName,
    }
    if ((aName == nsGkAtoms::allow ||
         aName == nsGkAtoms::src ||
-         aName == nsGkAtoms::sandbox ||
-         aName == nsGkAtoms::allowpaymentrequest) &&
+         aName == nsGkAtoms::sandbox) &&
        StaticPrefs::dom_security_featurePolicy_enabled()) {
      RefreshFeaturePolicy();
    }
@ -308,12 +307,8 @@ HTMLIFrameElement::RefreshFeaturePolicy()

  mFeaturePolicy->InheritPolicy(OwnerDoc()->Policy());

-  if (AllowPaymentRequest()) {
-    mFeaturePolicy->MaybeSetAllowedPolicy(NS_LITERAL_STRING("payment"));
-  }
-
  // TODO: https://wicg.github.io/feature-policy/#process-feature-policy-attributes
-  // requires to check allowfullscreen, and allowusermediarequest
+  // requires to check allowfullscreen, allowpaymentrequest and allowusermediarequest
 }

 } // namespace dom
--- a/dom/payments/PaymentRequest.cpp
+++ b/dom/payments/PaymentRequest.cpp
@ -6,7 +6,6 @@

 #include "BasicCardPayment.h"
 #include "mozilla/dom/Element.h"
-#include "mozilla/dom/FeaturePolicyUtils.h"
 #include "mozilla/dom/PaymentRequest.h"
 #include "mozilla/dom/PaymentRequestChild.h"
 #include "mozilla/dom/PaymentResponse.h"
@ -561,12 +560,6 @@ PaymentRequest::Constructor(const GlobalObject& aGlobal,
    return nullptr;
  }

-  if (!FeaturePolicyUtils::IsFeatureAllowed(doc,
-                                            NS_LITERAL_STRING("payment"))) {
-    aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
-    return nullptr;
-  }
-
  // Check if AllowPaymentRequest on the owner document
  if (!doc->AllowPaymentRequest()) {
    aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
--- a/dom/security/featurepolicy/FeaturePolicy.cpp
+++ b/dom/security/featurepolicy/FeaturePolicy.cpp
@ -182,18 +182,3 @@ FeaturePolicy::GetAllowlistForFeature(const nsAString& aFeatureName,
    aList.AppendElement(defaultAllowList);
  }
 }
-
-void
-FeaturePolicy::MaybeSetAllowedPolicy(const nsAString& aFeatureName)
-{
-  MOZ_ASSERT(FeaturePolicyUtils::IsSupportedFeature(aFeatureName));
-
-  if (HasDeclaredFeature(aFeatureName)) {
-    return;
-  }
-
-  Feature feature(aFeatureName);
-  feature.SetAllowsAll();
-
-  mFeatures.AppendElement(feature);
-}
--- a/dom/security/featurepolicy/FeaturePolicy.h
+++ b/dom/security/featurepolicy/FeaturePolicy.h
@ -101,12 +101,6 @@ public:
                    const nsAString& aSrcOrigin,
                    bool aSrcEnabled);

-  // This method creates a policy for aFeatureName allowing it to '*' if it
-  // doesn't exist yet. It's used by HTMLIFrameElement to enable features by
-  // attributes.
-  void
-  MaybeSetAllowedPolicy(const nsAString& aFeatureName);
-
  // Clears all the declarative policy directives. This is needed when the
  // 'allow' attribute or the 'src' attribute change for HTMLIFrameElement's
  // policy.
--- a/dom/security/featurepolicy/FeaturePolicyUtils.cpp
+++ b/dom/security/featurepolicy/FeaturePolicyUtils.cpp
@ -47,6 +47,7 @@ static FeatureMap sSupportedFeatures[] = {
  { "microphone", FeatureMap::eSelf  },
  // TODO: not supported yet!!!
  { "midi", FeatureMap::eSelf  },
+  // TODO: not supported yet!!!
  { "payment", FeatureMap::eSelf  },
  // TODO: not supported yet!!!
  { "picture-in-picture", FeatureMap::eAll  },
--- a/testing/web-platform/meta/feature-policy/dir.ini
+++ b/testing/web-platform/meta/feature-policy/dir.ini
@ -1,2 +1,2 @@
-prefs: [dom.security.featurePolicy.enabled:true, dom.payments.request.enabled:true]
+prefs: [dom.security.featurePolicy.enabled:true]
 lsan-allowed: []
--- a/testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html.ini
+++ b/testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html.ini
@ -0,0 +1,19 @@
+[payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html]
+  [Feature-Policy allow="payment" allows same-origin relocation.]
+    expected: FAIL
+
+  [Feature-Policy allow="payment" disallows cross-origin relocation.]
+    expected: FAIL
+
+  [Feature-Policy allow="payment" allowpaymentrequest=true allows same-origin relocation.]
+    expected: FAIL
+
+  [Feature-Policy allow="payment" allowpaymentrequest=true disallows cross-origin relocation.]
+    expected: FAIL
+
+  [Feature-Policy allow="payment" allows same-origin navigation in an iframe.]
+    expected: FAIL
+
+  [Feature-Policy allow="payment" allowpaymentrequest=true allows same-origin navigation in an iframe.]
+    expected: FAIL
+
--- a/testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy-attribute.https.sub.html.ini
+++ b/testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy-attribute.https.sub.html.ini
@ -1,4 +1,7 @@
 [payment-allowed-by-feature-policy-attribute.https.sub.html]
+  [Feature policy "payment" can be enabled in same-origin iframe using allow="payment" attribute]
+    expected: FAIL
+
  [Feature policy "payment" can be enabled in cross-origin iframe using allow="payment" attribute]
    expected: FAIL

--- a/testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy.https.sub.html.ini
+++ b/testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy.https.sub.html.ini
@ -1,4 +1,16 @@
 [payment-allowed-by-feature-policy.https.sub.html]
+  [Feature-Policy header {"payment" : ["*"\]} allows the top-level document.]
+    expected: FAIL
+
+  [Feature-Policy header {"payment" : ["*"\]} allows same-origin iframes.]
+    expected: FAIL
+
  [Feature-Policy header {"payment" : ["*"\]} allows cross-origin iframes.]
    expected: FAIL

+  [Feature-Policy header {"payment" : ["*"\]} allowpaymentrequest=true allows same-origin iframes.]
+    expected: FAIL
+
+  [Feature-Policy header {"payment" : ["*"\]} allowpaymentrequest=true allows cross-origin iframes.]
+    expected: FAIL
+
--- a/testing/web-platform/meta/feature-policy/payment-default-feature-policy.https.sub.html.ini
+++ b/testing/web-platform/meta/feature-policy/payment-default-feature-policy.https.sub.html.ini
@ -1,4 +1,13 @@
 [payment-default-feature-policy.https.sub.html]
+  [Default "payment" feature policy ["self"\] allows the top-level document.]
+    expected: FAIL
+
+  [Default "payment" feature policy ["self"\] allows same-origin iframes.]
+    expected: FAIL
+
+  [Default "payment" feature policy ["self"\] allowpaymentrequest=true allows same-origin iframes.]
+    expected: FAIL
+
  [Default "payment" feature policy ["self"\] allowpaymentrequest=true allows cross-origin iframes.]
    expected: FAIL

--- a/testing/web-platform/meta/feature-policy/payment-disabled-by-feature-policy.https.sub.html.ini
+++ b/testing/web-platform/meta/feature-policy/payment-disabled-by-feature-policy.https.sub.html.ini
@ -0,0 +1,4 @@
+[payment-disabled-by-feature-policy.https.sub.html]
+  [Feature-Policy header {"payment" : [\]} disallows the top-level document.]
+    expected: FAIL
+
--- a/testing/web-platform/meta/payment-request/dir.ini
+++ b/testing/web-platform/meta/payment-request/dir.ini
@ -1 +1 @@
-prefs: [dom.security.featurePolicy.enabled:true, dom.payments.request.enabled:true]
+prefs: [dom.payments.request.enabled:true]
--- a/testing/web-platform/meta/payment-request/allowpaymentrequest/allowpaymentrequest-attribute-cross-origin-bc-containers.https.html.ini
+++ b/testing/web-platform/meta/payment-request/allowpaymentrequest/allowpaymentrequest-attribute-cross-origin-bc-containers.https.html.ini
@ -1,6 +1,7 @@
 [allowpaymentrequest-attribute-cross-origin-bc-containers.https.html]
  [iframe]
-    expected: FAIL
+    expected:
+      if not e10s: FAIL

  [frame]
    expected: