New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wildcards in Permissions Policy Origins #482
Conversation
This change will add support for wildcard in permissions policy structured like SCHEME://*.HOST:PORT (e.g., https://*.foo.com/) where a valid Origin could be constructed from SCHEME://HOST:PORT (e.g., https://foo.com/). This requires that HOST is at least eTLD+1 (a registrable domain). This means that https://*.bar.foo.com/ works but https://*.com/ won’t (if you want to allow all domains to use the feature, you should just delegate to *). Wildcards in the scheme and port section will be unsupported and https://*.foo.com/ does not delegate to https://foo.com/. Before, a permissions policy might need to look like: permissions-policy: ch-ua-platform-version=(self "https://foo.com" "https://cdn1.foo.com" "https://cdn2.foo.com") With this feature, it could look like: permissions-policy: ch-ua-platform-version=(self "https://foo.com" "https://*.foo.com") This flexibility assists developers that need to delegate permissions to multiple subdomains (e.g., CDNs). This is an in-progress change, the following components are needed: - [x] Update ABNF - [ ] Define matching - [ ] Add example closes #479
@yoavweiss have a sec for review? I want to get the ABNF correct before moving on to deeper integration The other option is to do something more explicit like https://www.w3.org/TR/CSP2/#host_part, but it seemed desirable to not reinvent the wheel since we aren't supporting wildcards everywhere. |
Forgot @yoavweiss is out, @clelland have time to take a look? |
Updated with the matching logic. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Non-authoritative LGTM
I think there's still a piece missing here -- we're going to need at least 4 parts to incorporate this:
So far, this has the syntax, and correctly defines serialized-origin-with-wildcard-subdomain as a string, but those strings aren't allowed in allowlists (per https://w3c.github.io/webappsec-permissions-policy/#allowlists), and I think that the matching logic is trying to operate directly on those strings, which is awkward -- and to do it right, we'd need to convert back and forth between strings and origins. A way to resolve this would be to change the definition of what an allowlist can contain -- define an "origin with possible wildcard" to be an origin, and a boolean that says whether it also matches subdomains. Then the matching logic can check that boolean to know whether to do the deeper match. Regardless of how we handle it, we'll need to change 9.2. Construct policy from dictionary and origin and 9.3. Parse policy directive to parse the serialized-origin-with-wildcard-subdomain strings explicitly. Currently the call to the URL parser will fail because of the wildcards. |
@clelland good point! I think I integrated at the necessary spots now. |
…atches This CL focuses just on the wildcard subdomain matching function itself as it's a dangerous point of failure and needs deep review. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Parse wildcard subdomain matches in policy (4) Add WPTs Bug: 1345994 Change-Id: I42b4513038e91db0883d3e9afa77c7ebed57e3fb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3910955 Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Dominick Ng <dominickn@chromium.org> Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1052043}
… policy This CL just propagates OriginWithPossibleWildcards up and down the stack. In all cases, the wildcard bool will be set to false as only the next CL will start parsing cases where wildcards are on. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Parse wildcard subdomain matches in policy (4) Add WPTs Bug: 1345994 Change-Id: Id38e069b434193ad3b2e77ec94ccc692a7db31fe Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3913410 Reviewed-by: Christoph Schwering <schwering@google.com> Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Bo Liu <boliu@chromium.org> Reviewed-by: Dominick Ng <dominickn@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Yao Xiao <yaoxia@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Reviewed-by: danakj <danakj@chromium.org> Cr-Commit-Position: refs/heads/main@{#1052570}
I thought the agreement was that any further expansion of the wildcard syntax would require sharing logic with CSP, but that for this restrictive wildcard support a local modification was acceptable. |
I think that any kind of wildcard parsing needs to have shared logic. We don't want multiple independent code paths for this that need to be audited separately and have the opportunity for divergence if future maintainers are not careful. |
We can see the entire thing work end to end now! This includes a fix for the JS permissions inspection API now that it's tested e2e. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Add WPTs (6) Enable by default Bug: 1345994 Change-Id: I8826db4e74eb8a40e09e176459fe5f84343d456e
We can see the entire thing work end to end now! This includes a fix for the JS permissions inspection API now that it's tested e2e. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Add WPTs (6) Enable by default Bug: 1345994 Change-Id: I8826db4e74eb8a40e09e176459fe5f84343d456e
We can see the entire thing work end to end now! This includes a fix for the JS permissions inspection API now that it's tested e2e. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: I8826db4e74eb8a40e09e176459fe5f84343d456e
We can see the entire thing work end to end now! Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: I8826db4e74eb8a40e09e176459fe5f84343d456e
We can see the entire thing work end to end now! Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: I8826db4e74eb8a40e09e176459fe5f84343d456e
…t parser The next CL will actually use the propagated type, but for now the important thing is to preserve the type so that we can differentiate attribute policies from header policies. Why not fold this CL into the next one which actually uses the type? This code is especially sensitive and I want to divide off portions where possible since the next CL has some very risky code. Why not add a test? This code is all internal, so a DCHECK and existing tests seems sufficient. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: I9f5e47f3ca04b63dce0c14c03745a187a4f3171a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3936205 Commit-Queue: Ari Chivukula <arichiv@chromium.org> Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Reviewed-by: Daniel Murphy <dmurph@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056236}
This CL finally implements the critical `origin with subdomain wildcard parser` portion of the code! It's not a lot of code, but needs some deep testing to be sure we aren't opening ourselves up to trouble. WPTs are split into the next CL so that we don't distract from targeted review here. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: Ic8dc79be3262cdd872987c818ce01e959cdce83a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3934705 Commit-Queue: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Auto-Submit: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056237}
…orFeature We need to be sure to fix the getAllowlistForFeature function so that wildcard subdomain permissions aren't 'invisible' to to frontend users. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: Ib41c07c9027fa1aef4b7672155e3232b5372392c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3938265 Reviewed-by: Ian Clelland <iclelland@chromium.org> Auto-Submit: Ari Chivukula <arichiv@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056241}
We can see the entire thing work end to end now! Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: I8826db4e74eb8a40e09e176459fe5f84343d456e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3938164 Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Koji Ishii <kojii@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056243}
This inverts the VTS so we retain testing of the disabled code path. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: I269c863da497b1fb352801e848e63c4733fc46f4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3938165 Reviewed-by: Koji Ishii <kojii@chromium.org> Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056250}
We can see the entire thing work end to end now! Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: I8826db4e74eb8a40e09e176459fe5f84343d456e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3938164 Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Koji Ishii <kojii@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056243}
We can see the entire thing work end to end now! Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: I8826db4e74eb8a40e09e176459fe5f84343d456e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3938164 Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Koji Ishii <kojii@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056243}
…tions Resolve TODOs in web_applications and support subdomain wildcard. By using the new Serialize/Parse functions we get support for free. This also adds some more testing to hedge against breakage. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add Serialize/Parse functions (2) Use Serialize/Parse in web_applications Bug: 1345994 Change-Id: Id60e022e9f520eda17d20345fd803e1a253c69c0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3933647 Reviewed-by: Dominick Ng <dominickn@chromium.org> Commit-Queue: Dominick Ng <dominickn@chromium.org> Auto-Submit: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056824}
…atches This CL focuses just on the wildcard subdomain matching function itself as it's a dangerous point of failure and needs deep review. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Parse wildcard subdomain matches in policy (4) Add WPTs Bug: 1345994 Change-Id: I42b4513038e91db0883d3e9afa77c7ebed57e3fb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3910955 Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Dominick Ng <dominickn@chromium.org> Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1052043} NOKEYCHECK=True GitOrigin-RevId: 4a12e8c0da01f98fa1a0b073100c7cb34b6f6515
… policy This CL just propagates OriginWithPossibleWildcards up and down the stack. In all cases, the wildcard bool will be set to false as only the next CL will start parsing cases where wildcards are on. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Parse wildcard subdomain matches in policy (4) Add WPTs Bug: 1345994 Change-Id: Id38e069b434193ad3b2e77ec94ccc692a7db31fe Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3913410 Reviewed-by: Christoph Schwering <schwering@google.com> Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Bo Liu <boliu@chromium.org> Reviewed-by: Dominick Ng <dominickn@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Yao Xiao <yaoxia@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Reviewed-by: danakj <danakj@chromium.org> Cr-Commit-Position: refs/heads/main@{#1052570} NOKEYCHECK=True GitOrigin-RevId: aa0c119677ae6f9619c3b8a76f54f1bdb2c27f19
…t parser The next CL will actually use the propagated type, but for now the important thing is to preserve the type so that we can differentiate attribute policies from header policies. Why not fold this CL into the next one which actually uses the type? This code is especially sensitive and I want to divide off portions where possible since the next CL has some very risky code. Why not add a test? This code is all internal, so a DCHECK and existing tests seems sufficient. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: I9f5e47f3ca04b63dce0c14c03745a187a4f3171a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3936205 Commit-Queue: Ari Chivukula <arichiv@chromium.org> Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Reviewed-by: Daniel Murphy <dmurph@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056236} NOKEYCHECK=True GitOrigin-RevId: b08319971a6a6ff874c5e28ed6d99fe6c2da0815
This CL finally implements the critical `origin with subdomain wildcard parser` portion of the code! It's not a lot of code, but needs some deep testing to be sure we aren't opening ourselves up to trouble. WPTs are split into the next CL so that we don't distract from targeted review here. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: Ic8dc79be3262cdd872987c818ce01e959cdce83a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3934705 Commit-Queue: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Auto-Submit: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056237} NOKEYCHECK=True GitOrigin-RevId: 4e770fa6e25f3013049ec3cb20dab57a9dc07f71
…orFeature We need to be sure to fix the getAllowlistForFeature function so that wildcard subdomain permissions aren't 'invisible' to to frontend users. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: Ib41c07c9027fa1aef4b7672155e3232b5372392c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3938265 Reviewed-by: Ian Clelland <iclelland@chromium.org> Auto-Submit: Ari Chivukula <arichiv@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056241} NOKEYCHECK=True GitOrigin-RevId: c6a9cf707fbdb6e4299c9234aa98523f76d7a627
We can see the entire thing work end to end now! Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: I8826db4e74eb8a40e09e176459fe5f84343d456e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3938164 Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Koji Ishii <kojii@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056243} NOKEYCHECK=True GitOrigin-RevId: 3b7f89aae61b29084cb07f95d0b1fef44f5e4be0
This inverts the VTS so we retain testing of the disabled code path. Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: I269c863da497b1fb352801e848e63c4733fc46f4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3938165 Reviewed-by: Koji Ishii <kojii@chromium.org> Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056250} NOKEYCHECK=True GitOrigin-RevId: c5f4322f2d8199a5befd5784251353cde4bb8468
…PTs, a=testonly Automatic update from web-platform-tests [Permissions Policy Wildcards] (6) Add WPTs We can see the entire thing work end to end now! Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: I8826db4e74eb8a40e09e176459fe5f84343d456e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3938164 Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Koji Ishii <kojii@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056243} -- wpt-commits: 65aefb278c8c05feb767bebd3840b1b2dd2d7c61 wpt-pr: 36314
…PTs, a=testonly Automatic update from web-platform-tests [Permissions Policy Wildcards] (6) Add WPTs We can see the entire thing work end to end now! Design doc: w3c/webappsec-permissions-policy#482 This CL is part of a series: (1) Add function to detect subdomain matches (2) Use OriginWithPossibleWildcards in policy (3) Propagate node source to allow list parser (4) Parse wildcard subdomain matches (5) Support wildcards in getAllowlistForFeature (6) Add WPTs (7) Enable by default Bug: 1345994 Change-Id: I8826db4e74eb8a40e09e176459fe5f84343d456e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3938164 Auto-Submit: Ari Chivukula <arichiv@chromium.org> Reviewed-by: Koji Ishii <kojii@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1056243} -- wpt-commits: 65aefb278c8c05feb767bebd3840b1b2dd2d7c61 wpt-pr: 36314
Restarting this since it's been a while. Will live on in: |
This change will add support for wildcard in permissions policy structured like SCHEME://.HOST:PORT (e.g., https://.foo.com/) where a valid Origin could be constructed from SCHEME://HOST:PORT (e.g., https://foo.com/). This requires that HOST is at least eTLD+1 (a registrable domain). This means that https://.bar.foo.com/ works but https://.com/ won’t (if you want to allow all domains to use the feature, you should just delegate to ). Wildcards in the scheme and port section will be unsupported and https://.foo.com/ does not delegate to https://foo.com/.
Before, a permissions policy might need to look like:
permissions-policy: ch-ua-platform-version=(self "https://foo.com" "https://cdn1.foo.com" "https://cdn2.foo.com")
With this feature, it could look like:
permissions-policy: ch-ua-platform-version=(self "https://foo.com" "https://*.foo.com")
This flexibility assists developers that need to delegate permissions to multiple subdomains (e.g., CDNs).
This is an in-progress change, the following components are needed:
Design Doc: https://docs.google.com/document/d/1_Y5qRs0CO2_R7o8M_YaVAWQvyjXniG70RG2z1a2uwN8/edit
closes #479
Preview | Diff