Allow SharedStorage APIs in FLEDGE fenced frames.

Right now, features like SharedStorage's selectURL() are not allowed inside of a fenced frame created with FLEDGE. There is no security/privacy benefit to having this restriction, so it should be removed to have consistent behavior across fenced frames loaded with different APIs. (cherry picked from commit 314cd86) Bug: 1450902 Change-Id: I5714e584ee445eab2d2c42c654cb0fd1971ce691 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4584988 Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Josh Karlin <jkarlin@chromium.org> Commit-Queue: Liam Brady <lbrady@google.com> Cr-Original-Commit-Position: refs/heads/main@{#1152619} Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4588452 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/5790@{#361} Cr-Branched-From: 1d71a33-refs/heads/main@{#1148114}
chromium · Jun 5, 2023 · 34ede36 · 34ede36
1 parent 817dc15
commit 34ede36
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 6 deletions.
diff --git a/third_party/blink/common/permissions_policy/permissions_policy_unittest.cc b/third_party/blink/common/permissions_policy/permissions_policy_unittest.cc
@@ -2574,7 +2574,7 @@ TEST_F(PermissionsPolicyTest, CreateForFledgeFencedFrame) {
   EXPECT_FALSE(policy->IsFeatureEnabled(kDefaultSelfFeature));
   EXPECT_TRUE(policy->IsFeatureEnabled(
       mojom::PermissionsPolicyFeature::kAttributionReporting));
-  EXPECT_FALSE(policy->IsFeatureEnabled(
+  EXPECT_TRUE(policy->IsFeatureEnabled(
       mojom::PermissionsPolicyFeature::kSharedStorage));
 }
 

diff --git a/third_party/blink/public/common/frame/fenced_frame_permissions_policies.h b/third_party/blink/public/common/frame/fenced_frame_permissions_policies.h
@@ -15,7 +15,9 @@ namespace blink {
 constexpr blink::mojom::PermissionsPolicyFeature
     kFencedFrameFledgeDefaultRequiredFeatures[] = {
         blink::mojom::PermissionsPolicyFeature::kAttributionReporting,
-        blink::mojom::PermissionsPolicyFeature::kPrivateAggregation};
+        blink::mojom::PermissionsPolicyFeature::kPrivateAggregation,
+        blink::mojom::PermissionsPolicyFeature::kSharedStorage,
+        blink::mojom::PermissionsPolicyFeature::kSharedStorageSelectUrl};
 
 constexpr blink::mojom::PermissionsPolicyFeature
     kFencedFrameSharedStorageDefaultRequiredFeatures[] = {

diff --git a/...ty/blink/web_tests/external/wpt/fenced-frame/resources/default-enabled-features-helper.js b/...ty/blink/web_tests/external/wpt/fenced-frame/resources/default-enabled-features-helper.js
@@ -31,15 +31,23 @@ async function runDefaultEnabledFeaturesTest(t, should_load, fenced_origin,
         "frame loaded using FLEDGE or shared storage.");
 
     if (generator_api == "fledge") {
-      assert_false(
+      assert_true(
             document.featurePolicy.allowsFeature('shared-storage'),
-            "Shared storage should be disallowed if the fenced " +
+            "Shared Storage should be allowed if the fenced " +
+            "frame loaded using FLEDGE.");
+      assert_true(
+            document.featurePolicy.allowsFeature('private-aggregation'),
+            "Private Aggregation should be allowed if the fenced " +
             "frame loaded using FLEDGE.");
     } else {
       assert_true(
             document.featurePolicy.allowsFeature('shared-storage'),
-            "Shared storage should be allowed if the fenced " +
-            "frame loaded using shared storage.");
+            "Shared Storage should be allowed if the fenced " +
+            "frame loaded using Shared Storage.");
+      assert_false(
+            document.featurePolicy.allowsFeature('private-aggregation'),
+            "Private Aggregation should be disabled if the fenced " +
+            "frame loaded using Shared Storage.");
     }
   }, [generator_api]);
 }