See the "Permissions Changes" section of this document for details.
Fenced frames with unpartitioned data access need to be able to allow certain permissions policy-backed features (mainly Shared Storage) in order to function properly. This PR accomplishes that by allowing these fenced frames to inherit permissions policies the way that iframes do, but only allows a select list of permissions policies to be enabled. More specifically, this PR:
Introduces the concept of a "fixed permissions policy" and "flexible permissions policy" in a FencedFrameConfig.
Removes Derive a permissions policy directly from a fenced frame config instance in favor of a new Create a permissions policy for a fenced navigable algorithm, which handles both "fixed" and "flexible" permissions policies being created in a fenced frame.
Renames the fenced parameter used when checking if navigation to a fenced frame should be blocked by permissions policy to matches all. This is done to avoid confusion with the Create a permissions policy for a fenced navigable algorithm and to make it clear that the boolean specifically affects whether a permission will be inherited in the ultimately created permissions policy if the allowlist matches itself or just matches the wildcard *.
See the "Permissions Changes" section of this document for details.
Fenced frames with unpartitioned data access need to be able to allow certain permissions policy-backed features (mainly Shared Storage) in order to function properly. This PR accomplishes that by allowing these fenced frames to inherit permissions policies the way that iframes do, but only allows a select list of permissions policies to be enabled. More specifically, this PR:
Derive a permissions policy directly from a fenced frame config instance
in favor of a newCreate a permissions policy for a fenced navigable
algorithm, which handles both "fixed" and "flexible" permissions policies being created in a fenced frame.fenced
parameter used when checking if navigation to a fenced frame should be blocked by permissions policy tomatches all
. This is done to avoid confusion with theCreate a permissions policy for a fenced navigable
algorithm and to make it clear that the boolean specifically affects whether a permission will be inherited in the ultimately created permissions policy if the allowlist matches itself or just matches the wildcard*
.Preview | Diff