You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If this's relevant global object's associated Document is not allowed to use the policy-controlled permission named "keyboard-map", reject the promise.
[T]he API is only available from secure contexts and can only be called from the currently active top-level browsing context or granted access via policy-controlled feature.
These two statements contradict each other in the case when top-level browsing context does not have the permission.
As of October 2023, Chrome/Chromium implementation follows the Privacy Mitigations version and ignores the permission policy state in top-level frame and allows access even if keyboard-map is explicitly forbidden. Chromium issue here. As of October 2023, there is no WPT specifically for this case.
Background
Originally, getLayoutMap() was allowed only from top-level context and did not have any other restrictions. Then in #38 there was some discussion about access from sub-frames, which resulted in keyboard-map Permissions Policy.
Chronology of most important events:
commit 78cfc48 added keyboard-map permission identifier with default allow-list 'self'
commit 9237b26 updated the getLayoutMap() algorithm to use the permission replacing the mention of top-level browsing context with the new permission. Please note that since the default allow list was 'self', the top-level document was still allowed access by default.
in this commit Chromium implemented keyboard-map permission but did not remove the mention of top-level browsing context, effectively putting it in conflict with the specification. Note: the new WPT did not get a dedicated test specifically for the case of top-level context having explicit Permissions Policy keyboard-map=() and trying to access the API.
commit bf67454 updated the "Privacy Mitigations" section adding wording about keyboard-map permission but not removing the mention of top-level browsing context. This was in direct contradiction with the previous commit 9237b26.
(inconsequential) Chromium commit moved the check from Blink renderer process to the core browser process.
(inconsequential) Chromium issue was filed specifically about this ambiguity.
Possible solutions
Remove access from top-level context when it is explicitly forbidden by Permissions Policy
This will likely reflect the intent of the Permissions Policy system better.
This will not change behavior for most websites since they do not specify keyboard-map permission.
This will require a one-line change to Chromium KeyboardLockServiceImpl::GetKeyboardLayoutMap() method.
Allow access from top-level context even in case of explicit restriction
This will reflect the current Chromium behavior better.
This will not change behavior for any websites at all.
This will require no changes on Chromium side.
This will require change to the getLayoutMap() algorithm.
This will require a WPT test.
I can crate a Chromium CL for either solution once there is a consensus which option to take. I would favor the first solution (consistency with Permissions Policy).
The Question
As of now, the
getLayoutMap()
algorithm states:But the Privacy Mitigations section states:
These two statements contradict each other in the case when top-level browsing context does not have the permission.
As of October 2023, Chrome/Chromium implementation follows the Privacy Mitigations version and ignores the permission policy state in top-level frame and allows access even if
keyboard-map
is explicitly forbidden. Chromium issue here. As of October 2023, there is no WPT specifically for this case.Background
Originally,
getLayoutMap()
was allowed only from top-level context and did not have any other restrictions. Then in #38 there was some discussion about access from sub-frames, which resulted inkeyboard-map
Permissions Policy.Chronology of most important events:
keyboard-map
permission identifier with default allow-list'self'
getLayoutMap()
algorithm to use the permission replacing the mention of top-level browsing context with the new permission. Please note that since the default allow list was'self'
, the top-level document was still allowed access by default.keyboard-map
permission but did not remove the mention of top-level browsing context, effectively putting it in conflict with the specification. Note: the new WPT did not get a dedicated test specifically for the case of top-level context having explicit Permissions Policykeyboard-map=()
and trying to access the API.keyboard-map
permission but not removing the mention of top-level browsing context. This was in direct contradiction with the previous commit9237b26
.Possible solutions
Remove access from top-level context when it is explicitly forbidden by Permissions Policy
keyboard-map
permission.KeyboardLockServiceImpl::GetKeyboardLayoutMap()
method.Allow access from top-level context even in case of explicit restriction
getLayoutMap()
algorithm.I can crate a Chromium CL for either solution once there is a consensus which option to take. I would favor the first solution (consistency with Permissions Policy).
Related discussion
This came up in uBlock Origin discussion.
The text was updated successfully, but these errors were encountered: