Open dtapuska opened 5 years ago
In particular, we should snapshot all necessary state for all policies at the time "navigate" is invoked. "Navigate" is always invoked from a stable point in time (we're getting rid of all remaining queue a task to navigate cases that are relevant for this afaik) and so it should be doable to get the necessary state from the source browsing context and navigated browsing context (the former should become the source document).
> In particular, we should snapshot all necessary state for all policies at the time "navigate" is invoked.
+1
https://bugs.chromium.org/p/chromium/issues/detail?id=972089#c4 is a concrete failure of this exact bug, where PaymentRequest is enabled in an iframe when it shouldn't be.
The initialization of the feature policy occurs after the navigation completes. But while the child is being navigated it is possible the browser context's policy could change and then inheritance could be incorrect from when the navigation occurred.
See https://github.com/whatwg/html/pull/4772#issuecomment-512256128 and w3c/webappsec-feature-policy#256
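A toy model of the timing problem discussed in this thread, added here as an example (not code from the issue, the HTML spec, or Chromium): it computes an iframe's inherited policy either from a snapshot taken when "navigate" is invoked or from the live container policy read after the navigation completes, and shows how a change made while the navigation is in flight leaks into the child only in the second case. All function and field names are hypothetical.

```javascript
// Effective policy for a child document: a feature is enabled only if the
// parent document allows it AND the iframe's container policy allows it.
// (Simplified model of feature-policy inheritance, not the spec algorithm.)
function inheritPolicy(parentPolicy, containerPolicy) {
  const child = {};
  for (const feature of Object.keys(parentPolicy)) {
    child[feature] = Boolean(parentPolicy[feature] && containerPolicy[feature]);
  }
  return child;
}

// Runs one navigation of `iframe`. `when` selects the timing under discussion:
//   "at-navigate":   container policy snapshotted when navigate is invoked
//   "at-completion": container policy read after the navigation completes
// `mutateWhileInFlight` models the embedder changing the allow attribute
// while the response is still being fetched.
function navigate(iframe, parentPolicy, when, mutateWhileInFlight) {
  const snapshot = when === "at-navigate" ? { ...iframe.allow } : null;
  mutateWhileInFlight(iframe);                // navigation still in flight
  const container = snapshot ?? iframe.allow; // navigation completes here
  return inheritPolicy(parentPolicy, container);
}

// Constructed scenario: the iframe starts with payment disallowed and the
// embedder flips the attribute while the navigation is in flight.
function runScenario(when) {
  const parentPolicy = { payment: true, geolocation: true };
  const iframe = { allow: { payment: false, geolocation: true } };
  return navigate(iframe, parentPolicy, when, (f) => {
    f.allow = { ...f.allow, payment: true };
  });
}

// Late initialization picks up the mid-navigation change; the snapshot does not.
console.log("at-completion:", runScenario("at-completion")); // payment: true
console.log("at-navigate:  ", runScenario("at-navigate"));   // payment: false
```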