[FedCM] Check top frame's visibility instead of iframe's

Currently we only proceed with FedCM API if the render frame is visible. This makes sense when FedCM is used in the top frame. However, it's common for top frame to embed a cross-origin iframe, possibly invisible, to invoke FedCM API. This patch checks the top frame's visibility instead of the iframe's to make sure FedCM API can be used as long as the top frame is visible. (cherry picked from commit 2deafce) Change-Id: I299f1d3fb6dfb50b45cb5323efc6a97c95d45132 Bug: 1481308 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4860279 Reviewed-by: Zachary Tan <tanzachary@chromium.org> Commit-Queue: Yi Gu <yigu@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#1195567} Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4892208 Auto-Submit: Yi Gu <yigu@chromium.org> Commit-Queue: Zachary Tan <tanzachary@chromium.org> Cr-Commit-Position: refs/branch-heads/5993@{#785} Cr-Branched-From: 5113507-refs/heads/main@{#1192594}
chromium · Sep 25, 2023 · 0bffbd4 · 0bffbd4
1 parent 42a7ded
commit 0bffbd4
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 8 deletions.
diff --git a/content/browser/webid/federated_auth_request_impl.cc b/content/browser/webid/federated_auth_request_impl.cc
@@ -399,6 +399,11 @@ absl::optional<std::string> GetIframeOriginForDisplay(
   return iframe_for_display;
 }
 
+bool IsFrameVisible(RenderFrameHost* frame) {
+  return frame && frame->IsActive() &&
+         frame->GetVisibilityState() == content::PageVisibilityState::kVisible;
+}
+
 }  // namespace
 
 FederatedAuthRequestImpl::FetchData::FetchData() = default;
@@ -1189,9 +1194,7 @@ void FederatedAuthRequestImpl::MaybeShowAccountsDialog() {
   // if the RenderFrameHost is hidden because the user does not seem interested
   // in the contents of the current page.
   if (!fetch_data_.for_idp_signin) {
-    bool is_visible = (render_frame_host().IsActive() &&
-                       render_frame_host().GetVisibilityState() ==
-                           content::PageVisibilityState::kVisible);
+    bool is_visible = IsFrameVisible(render_frame_host().GetMainFrame());
     fedcm_metrics_->RecordWebContentsVisibilityUponReadyToShowDialog(
         is_visible);
 
@@ -1377,10 +1380,7 @@ void FederatedAuthRequestImpl::HandleAccountsFetchFailure(
     return;
   }
 
-  bool is_visible = (render_frame_host().IsActive() &&
-                     render_frame_host().GetVisibilityState() ==
-                         content::PageVisibilityState::kVisible);
-  if (!is_visible) {
+  if (!IsFrameVisible(render_frame_host().GetMainFrame())) {
     CompleteRequestWithError(FederatedAuthRequestResult::kErrorRpPageNotVisible,
                              TokenStatus::kRpPageNotVisible,
                              /*should_delay_callback=*/true);

diff --git a/third_party/blink/web_tests/external/wpt/credential-management/fedcm-iframe.https.html b/third_party/blink/web_tests/external/wpt/credential-management/fedcm-iframe.https.html
@@ -16,13 +16,16 @@
 const remoteBaseURL = host.HTTPS_REMOTE_ORIGIN + basePath;
 const localhostBaseURL = "http://localhost:" + host.HTTP_PORT + basePath;
 
-async function createIframeAndWaitForMessage(test, iframeUrl, setPermissionPolicy) {
+async function createIframeAndWaitForMessage(test, iframeUrl, setPermissionPolicy, style = "") {
     const messageWatcher = new EventWatcher(test, window, "message");
     var iframe = document.createElement("iframe");
     iframe.src = iframeUrl;
     if (setPermissionPolicy) {
       iframe.allow = "identity-credentials-get";
     }
+    if (style !== "") {
+      iframe.style = style;
+    }
     document.body.appendChild(iframe);
     const message = await messageWatcher.wait_for("message");
     return message.data;
@@ -44,6 +47,14 @@
   assert_equals(message.token, "token");
 }, "FedCM enabled in 2 level deep nested iframe. FedCM should be enabled regardless of iframe nesting depth");
 
+fedcm_test(async t => {
+  const message = await createIframeAndWaitForMessage(
+      t, remoteBaseURL + "support/fedcm-iframe.html",
+      /*setPermissionPolicy=*/true, /*style=*/"display:none;");
+  assert_equals(message.result, "Pass");
+  assert_equals(message.token, "token");
+}, "FedCM enabled in invisible iframe. FedCM should be enabled as long as the top frame is visible");
+
 fedcm_test(async t => {
   const message = await createIframeAndWaitForMessage(
       t, remoteBaseURL + "support/fedcm-iframe-level2.html",