Make SubresourceWebBundles feature available only in Secure Context #27674

Merged
merged 1 commit into from Feb 22, 2021

@chromium-wpt-export-bot chromium-wpt-export-bot commented Feb 18, 2021

We are developing the SubresourceWebBundles feature behind the feature
flag. This feature is enabled when
--enable-features=SubresourceWebBundles or
chrome://flags/#enable-experimental-web-platform-features is enabled
even when the page is non-Secure Context.

But according to this doc, we should make powerful new features
available only to secure origins.
https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features

So this CL makes the SubresourceWebBundles feature available only in
Secure Context by:
 (1) Add [SecureContext] extended attribute to `resources` and `scopes`
     attribute of HTMLLinkElement in html_link_element.idl.
 (2) Check IsSecureContext() also when we check
     RuntimeEnabledFeatures::SubresourceWebBundlesEnabled().

Note: this restriction doesn’t affect Origin Trial of this feature,
because Origin Trials are only enabled for secure origins.

Bug: 1082020
Change-Id: Ifa533f99f64c83015d293946084395a5af59cfba
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2703194
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Hayato Ito <hayato@chromium.org>
Cr-Commit-Position: refs/heads/master@{#856177}
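
The gate described in the CL above, modelled as an added example that is not part of the PR or of Chromium's code. All function names and sample URLs are hypothetical, and the secure-origin rules are an assumption taken from the W3C Secure Contexts "potentially trustworthy origin" patterns, checked against the document URL only (ancestor frames are ignored).

```javascript
// Added illustration; function names are hypothetical, not Chromium identifiers.

// Assumed secure-origin patterns: https/wss, file:, and loopback hosts.
function isSecureOrigin(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return false; // unparsable URL: fail closed
  }
  if (["https:", "wss:", "file:"].includes(url.protocol)) return true;
  const host = url.hostname.toLowerCase();
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (host === "[::1]") return true; // WHATWG URL keeps the IPv6 brackets
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host); // 127.0.0.0/8
}

// Behaviour before the CL: the runtime flag alone decided availability.
function availableBeforeCl(flagEnabled, documentUrl) {
  return flagEnabled;
}

// Step (2) of the CL: the flag AND a secure context are both required.
function availableAfterCl(flagEnabled, documentUrl) {
  return flagEnabled && isSecureOrigin(documentUrl);
}

// Step (1) of the CL: [SecureContext] attributes are simply not exposed
// on the interface when the gate is closed.
function exposedLinkAttributes(flagEnabled, documentUrl) {
  const always = ["href", "rel"];
  return availableAfterCl(flagEnabled, documentUrl)
    ? [...always, "resources", "scopes"]
    : always;
}

// Constructed sample URLs, including a look-alike loopback hostname.
const SAMPLE_URLS = [
  "https://example.test/",
  "http://example.test/",
  "http://localhost:8000/",
  "http://localhost.example.test/",
];

for (const url of SAMPLE_URLS) {
  console.log(url, availableBeforeCl(true, url), availableAfterCl(true, url));
}
```
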

@wpt-pr-bot wpt-pr-bot left a comment

The review process for this patch is being conducted in the Chromium project.

@chromium-wpt-export-bot chromium-wpt-export-bot force-pushed the chromium-export-cl-2703194 branch 2 times, most recently from 8f01e7f to 4289cad Feb 22, 2021
@chromium-wpt-export-bot chromium-wpt-export-bot force-pushed the chromium-export-cl-2703194 branch from 4289cad to 59a38ce Feb 22, 2021
@chromium-wpt-export-bot chromium-wpt-export-bot merged commit 4fc6cf9 into master Feb 22, 2021
23 checks passed
@chromium-wpt-export-bot chromium-wpt-export-bot deleted the chromium-export-cl-2703194 branch Feb 22, 2021