Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add [SecureContext] to derived interfaces #313

Closed
7 tasks done
anssiko opened this issue Oct 16, 2017 · 5 comments
Closed
7 tasks done

Add [SecureContext] to derived interfaces #313

anssiko opened this issue Oct 16, 2017 · 5 comments

Comments

@anssiko
Copy link
Member

anssiko commented Oct 16, 2017
edited
Loading

[This is a meta issue to track changes to the interfaces that inherit from Sensor.]

All concrete sensors https://www.w3.org/2009/dap/#sensors that inherit from Sensor are only available within a secure context, since they implement https://w3c.github.io/sensors/#mitigation-strategies.

However, the WebIDL spec states the following:

An interface without the [SecureContext] extended attribute must not inherit from another interface that does specify [SecureContext].

To fix this, the [SecureContext] extended attribute must be added to the following derived interfaces:

  • AmbientLightSensor
  • ProximitySensor
  • Accelerometer LinearAccelerationSensor GravitySensor
  • Magnetometer UncalibratedMagnetometer
  • Gyroscope
  • OrientationSensor AbsoluteOrientationSensor RelativeOrientationSensor
  • GeolocationSensor

The IDL guidance to concrete spec authors https://w3c.github.io/sensors/#example-webidl does include the [SecureContext] extended attribute already, so we're covered on that part. Perhaps worth looking that the prose in that section is aligned.

Raised by @foolip in https://github.com/WICG/geolocation-sensor/issues/8
@anssiko anssiko mentioned this issue Oct 16, 2017
Closed
This was referenced Oct 16, 2017
Merged
Merged
This was referenced Oct 16, 2017
Merged
Merged
This was referenced Oct 16, 2017
Merged
Merged
Merged
@anssiko
Copy link
Member Author

anssiko commented Oct 16, 2017

All changes to the derived interfaces have been landed. Thanks everyone who contributed and @foolip for bringing this issue to our attention.

In addition to the IDL changes to the derived interfaces, I revisited the Generic Sensor API prose that talks about secure context and concluded no change are needed. Per WebIDL any derived interface must use [SecureContext] and the example IDL in https://w3c.github.io/sensors/#example-webidl makes that clear. The informative section https://w3c.github.io/sensors/#secure-context gives further context.

We can now close this meta issue.

@anssiko anssiko closed this as completed Oct 16, 2017
@foolip
Copy link
Member

foolip commented Oct 16, 2017

That was quick, thanks!

Merged
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this issue Oct 17, 2017
@chromium-wpt-export-bot
Add [SecureContext] IDL attribute to sensor interfaces
00d4bcc 
As it follows from w3c/sensors#313

Change-Id: Ic81e118b2a3c8db6d8b30ee61ef8811b88a0f970
@rakuco
Copy link
Member

rakuco commented Oct 17, 2017

Somewhat related: https://w3c.github.io/sensors/#construct-sensor-object says

If the current settings object is not a secure context, then:

  • Throw a SecurityError DOMException.

Is that still necessary, given Sensor and its derived interfaces all have the [SecureContext] extended attribute? IOW, there should be no situation where we'd reach the point where we're constructing a sensor object outside a secure context.

@pozdnyakov
Copy link

@rakuco pls see #314

chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this issue Oct 17, 2017
@chromium-wpt-export-bot
Add [SecureContext] IDL attribute to sensor interfaces
889df55 
As it follows from w3c/sensors#313

Change-Id: Ic81e118b2a3c8db6d8b30ee61ef8811b88a0f970
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this issue Oct 18, 2017
@chromium-wpt-export-bot
Add [SecureContext] IDL attribute to sensor interfaces
4564d73 
As it follows from w3c/sensors#313

Change-Id: Ic81e118b2a3c8db6d8b30ee61ef8811b88a0f970
Reviewed-on: https://chromium-review.googlesource.com/721742
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Mikhail Pozdnyakov <mikhail.pozdnyakov@intel.com>
Cr-Commit-Position: refs/heads/master@{#509707}
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this issue Oct 18, 2017
@chromium-wpt-export-bot
Add [SecureContext] IDL attribute to sensor interfaces
5136eac 
As it follows from w3c/sensors#313

Change-Id: Ic81e118b2a3c8db6d8b30ee61ef8811b88a0f970
Reviewed-on: https://chromium-review.googlesource.com/721742
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Mikhail Pozdnyakov <mikhail.pozdnyakov@intel.com>
Cr-Commit-Position: refs/heads/master@{#509707}
@rakuco
Copy link
Member

rakuco commented Oct 18, 2017

@rakuco pls see #314

Awesome, thanks!

MXEBot pushed a commit to mirror/chromium that referenced this issue Oct 19, 2017
Add [SecureContext] IDL attribute to sensor interfaces
750409c 
As it follows from w3c/sensors#313

Change-Id: Ic81e118b2a3c8db6d8b30ee61ef8811b88a0f970
Reviewed-on: https://chromium-review.googlesource.com/721742
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Mikhail Pozdnyakov <mikhail.pozdnyakov@intel.com>
Cr-Commit-Position: refs/heads/master@{#509707}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rakuco @foolip @anssiko @pozdnyakov