From 2c5c3aa1248d07db60323bbff3f3cd225faf024f Mon Sep 17 00:00:00 2001
From: Raymes Khoury
Date: Tue, 10 Oct 2017 16:03:15 +1100
Subject: [PATCH 1/2] Add support for permissions that have an associated
Feature Policy
This adds support for denying access to permissions which are not
allowed in the current context based on an associated Feature Policy.
The Feature Name and Default Allowlist of a policy-controlled feature
must still be declared in the owning spec. This also removes specific
support for the media feature policy which is covered by the more
general support.
---
index.bs | 27 ++++++++++++++++++++-------
1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/index.bs b/index.bs
index 91c848b..d848df0 100644
--- a/index.bs
+++ b/index.bs
@@ -44,6 +44,11 @@ spec: sensors; urlPrefix: https://w3c.github.io/sensors/#
spec: manifest; urlPrefix: https://w3c.github.io/manifest/#
type: dfn
text: install; url: dfn-install
+spec: feature-policy; urlPrefix: https://wicg.github.io/feature-policy/#
+ type: dfn
+ text: policy-controlled feature
+ type: dfn
+ text: feature name
@@ -233,6 +238,21 @@ spec: webidl
and |descriptor|.{{PermissionDescriptor/name}}
isn't
allowed in non-secure contexts, then return {{"denied"}}.
+
+ If there exists a policy-controlled feature with a
+ feature name that is equal to
+ |descriptor|.{{PermissionDescriptor/name}}
and
+ |settings| has an associated `Document` named document,
+ run the following step:
+
+ -
+ If document is not allowed to use the feature
+ with the feature name
+
|descriptor|.{{PermissionDescriptor/name}}
+ return {{"denied"}}.
+
+
+
If there was a previous invocation of this algorithm with the same
|descriptor| and |settings|, returning
@@ -786,13 +806,6 @@ spec: webidl
allowed in non-secure contexts. {{"camera"}} and {{"microphone"}}
MAY be allowed in non-secure contexts.
-
- If the current global object has an associated `Document`,
- and that {{Document}} is not allowed to use the feature indicated
- by attribute name <{iframe/allowusermedia}>, then the permission
- state of any descriptor with a {{PermissionDescriptor/name}} of
- {{"camera"}} or {{"microphone"}} must be {{"denied"}}.
-
-
permission descriptor type
From e5f7e854d5e438effd40043031f3352c2ffd620c Mon Sep 17 00:00:00 2001
From: Raymes Khoury
Date: Mon, 3 Sep 2018 16:54:40 +1000
Subject: [PATCH 2/2] Update to comply with recent FP spec
---
index.bs | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/index.bs b/index.bs
index d848df0..c52bc4e 100644
--- a/index.bs
+++ b/index.bs
@@ -44,11 +44,6 @@ spec: sensors; urlPrefix: https://w3c.github.io/sensors/#
spec: manifest; urlPrefix: https://w3c.github.io/manifest/#
type: dfn
text: install; url: dfn-install
-spec: feature-policy; urlPrefix: https://wicg.github.io/feature-policy/#
- type: dfn
- text: policy-controlled feature
- type: dfn
- text: feature name
@@ -239,16 +234,13 @@ spec: webidl
allowed in non-secure contexts, then return {{"denied"}}.
-
- If there exists a policy-controlled feature with a
- feature name that is equal to
-
|descriptor|.{{PermissionDescriptor/name}}
and
- |settings| has an associated `Document` named document,
- run the following step:
+ If there exists a [=policy-controlled feature=] identified by
+ |descriptor|.{{PermissionDescriptor/name}}
and |settings| has an
+ associated `Document` named document, run the following step:
-
If document is not allowed to use the feature
- with the feature name
-
|descriptor|.{{PermissionDescriptor/name}}
+ identified by |descriptor|.{{PermissionDescriptor/name}}
return {{"denied"}}.