-
Balazs Engedy authored
TL;DR: Only browsing contexts that are same-origin with the top-level context should be able to request the "notifications" permission; but once an origin has obtained the permission, it should see its state as granted, and be permitted to use the related APIs both in first and third party contexts (in the latter case, regardless of the permission state for the top-level origin). In more detail, a cross-origin subframe that had not been granted the NOTIFICATIONS permission previously (in a first-party context) should see the permission as "denied" through all of `Notification.permission`, `pushManager.permissionState`, and `permissions.query`; not be able to prompt for the permission; and not be able to register Push API subscriptions or use the Web Notification API. A cross-origin subframe that had been granted the NOTIFICATIONS permission previously (in a first-party context) should see it as "granted", through all of the above-mentioned API surfaces; and be able to register Push API subscriptions and use the Web Notification API. This CL achieves this by explicitly turning off permission delegation for CONTENT_SETTINGS_TYPE_NOTIFICATIONS. Bug: 987654 Change-Id: Ie7d7dd7da7c9a4630b09a54ba215c883511feb50 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1720831 Commit-Queue: Balazs Engedy <engedy@chromium.org> Reviewed-by:
Peter Beverloo <peter@chromium.org> Reviewed-by:
Raymes Khoury <raymes@chromium.org> Cr-Commit-Position: refs/heads/master@{#682221}
f39e22b4
