Make SubresourceWebBundles feature available only in Secure Context #27674
The review process for this patch is being conducted in the Chromium project.
8f01e7f to 4289cad
4289cad to 59a38ce
4fc6cf9 into master
23 checks passed
We are developing the SubresourceWebBundles feature behind the feature
flag. This feature is enabled when
--enable-features=SubresourceWebBundles or
chrome://flags/#enable-experimental-web-platform-features is enabled
even when the page is non-Secure Context.
But according to this doc, we should make powerful new features
available only to secure origins.
https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features
So this CL makes the SubresourceWebBundles feature available only in
Secure Context by:
(1) Add [SecureContext] extended attribute to `resources` and `scopes`
attribute of HTMLLinkElement in html_link_element.idl.
(2) Check IsSecureContext() also when we check
RuntimeEnabledFeatures::SubresourceWebBundlesEnabled().
Note: this restriction doesn’t affect Origin Trial of this feature,
because Origin Trials are only enabled for secure origins.
Bug: 1082020
Change-Id: Ifa533f99f64c83015d293946084395a5af59cfba
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2703194
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Hayato Ito <hayato@chromium.org>
Cr-Commit-Position: refs/heads/master@{#856177}
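
The exposure rule from item (1), written as a check that can be run in a page or offline. This is an added example, not code from the Chromium change or from this pull request; `auditSecureContextExposure`, `makeWindow` and the sample objects are hypothetical names, and the sample windows are constructed stand-ins for browser globals.

```javascript
// Attribute names taken from the commit message above.
const GATED_ATTRIBUTES = ['resources', 'scopes'];

// Reports which gated attributes a window-like object exposes on
// HTMLLinkElement.prototype, and flags any that are visible while
// isSecureContext is false (which [SecureContext] must prevent).
function auditSecureContextExposure(win) {
  const proto = win.HTMLLinkElement.prototype;
  const exposed = GATED_ATTRIBUTES.filter((name) => name in proto);
  const secure = win.isSecureContext === true;
  const leaked = secure ? [] : exposed;
  return { secure, exposed, leaked, ok: leaked.length === 0 };
}

// Constructed stand-in for a browser global object (assumption: only the
// two properties the audit reads are modelled).
function makeWindow({ isSecureContext, attributes }) {
  function HTMLLinkElement() {}
  for (const name of attributes) {
    Object.defineProperty(HTMLLinkElement.prototype, name, {
      get() { return null; },
      configurable: true,
      enumerable: true,
    });
  }
  return { isSecureContext, HTMLLinkElement };
}

// Constructed cases: secure page with the flag on, insecure page after the
// change, and insecure page with the pre-change behaviour the message describes.
const samples = {
  httpsFlagOn: makeWindow({ isSecureContext: true, attributes: GATED_ATTRIBUTES }),
  httpGated: makeWindow({ isSecureContext: false, attributes: [] }),
  httpUngated: makeWindow({ isSecureContext: false, attributes: GATED_ATTRIBUTES }),
};

function runAudit() {
  return Object.fromEntries(
    Object.entries(samples).map(([name, win]) => [name, auditSecureContextExposure(win)])
  );
}

// In a browser, audit the real window; elsewhere, audit the constructed samples.
console.log(typeof window !== 'undefined' ? auditSecureContextExposure(window) : runAudit());
```

This probes only the IDL exposure in item (1); the IsSecureContext() check in item (2) lives in the browser's own code and is not visible to this probe.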