Add document policy to origin trial

Bug: 993790 Change-Id: I3c6e738d9b409854a046f215858bd82f628e8442 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2031602Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Commit-Queue: Rodney Ding <rodneyding@google.com> Cr-Commit-Position: refs/heads/master@{#745095}

Add document policy to origin trial
Bug: 993790 Change-Id: I3c6e738d9b409854a046f215858bd82f628e8442 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2031602Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Commit-Queue: Rodney Ding <rodneyding@google.com> Cr-Commit-Position: refs/heads/master@{#745095}
56b38295 · Rodney Ding · Commit Bot · c078f086 · 56b38295 · 56b38295
Commit 56b38295 authored Feb 27, 2020 by Rodney Ding Committed by Commit Bot Feb 27, 2020
6 changed files
--- a/third_party/blink/renderer/core/execution_context/execution_context.cc
+++ b/third_party/blink/renderer/core/execution_context/execution_context.cc
@@ -461,6 +461,10 @@ bool ExecutionContext::IsFeatureEnabled(
 bool ExecutionContext::IsFeatureEnabled(
    mojom::blink::DocumentPolicyFeature feature) const {
+  // The default value for any feature should be true unless restricted by
+  // document policy
+  if (!RuntimeEnabledFeatures::DocumentPolicyEnabled(this))
+    return true;
  PolicyValue threshold_value = PolicyValue::CreateMaxPolicyValue(
      GetDocumentPolicyFeatureInfoMap().at(feature).default_value.Type());
  return IsFeatureEnabled(feature, threshold_value);
@@ -469,6 +473,10 @@ bool ExecutionContext::IsFeatureEnabled(
 bool ExecutionContext::IsFeatureEnabled(
    mojom::blink::DocumentPolicyFeature feature,
    PolicyValue threshold_value) const {
+  // The default value for any feature should be true unless restricted by
+  // document policy
+  if (!RuntimeEnabledFeatures::DocumentPolicyEnabled(this))
+    return true;
  return GetSecurityContext().IsFeatureEnabled(feature, threshold_value);
 }

--- a/third_party/blink/renderer/core/loader/document_loader.cc
+++ b/third_party/blink/renderer/core/loader/document_loader.cc
@@ -822,9 +822,6 @@ void DocumentLoader::ReplaceWithEmptyDocument() {
 }
 DocumentPolicy::FeatureState DocumentLoader::CreateDocumentPolicy() {
-  if (!RuntimeEnabledFeatures::DocumentPolicyEnabled())
-    return DocumentPolicy::FeatureState{};
  // For URLs referring to local content to parent frame, they have no way to
  // specify the document policy they use. If the parent frame requires a
  // document policy on them, use the required policy as effective policy.
@@ -832,6 +829,8 @@ DocumentPolicy::FeatureState DocumentLoader::CreateDocumentPolicy() {
      url_.ProtocolIs("blob") || url_.ProtocolIs("filesystem"))
    return frame_policy_.required_document_policy;
+  // Assume Document policy feature is enabled so we can check the
+  // Required- headers. Will re-validate when we install the new Document.
  const DocumentPolicy::FeatureState header_policy =
      DocumentPolicyParser::Parse(
          response_.HttpHeaderField(http_names::kDocumentPolicy))
@@ -1480,6 +1479,10 @@ void DocumentLoader::InstallNewDocument(
    MergeFeaturesFromOriginPolicy(feature_policy, origin_policy_.value());
  }
+  // Re-validate Document Policy feature before installing the new document.
+  if (!RuntimeEnabledFeatures::DocumentPolicyEnabled(owner_document))
+    document_policy_ = DocumentPolicy::FeatureState{};
  DocumentInit init =
      DocumentInit::Create()
          .WithDocumentLoader(this)

--- a/third_party/blink/renderer/core/origin_trials/origin_trial_context.cc
+++ b/third_party/blink/renderer/core/origin_trials/origin_trial_context.cc
@@ -20,6 +20,7 @@
 #include "third_party/blink/renderer/core/origin_trials/origin_trials.h"
 #include "third_party/blink/renderer/core/workers/worklet_global_scope.h"
 #include "third_party/blink/renderer/platform/bindings/origin_trial_features.h"
+#include "third_party/blink/renderer/platform/bindings/script_state.h"
 #include "third_party/blink/renderer/platform/instrumentation/histogram.h"
 #include "third_party/blink/renderer/platform/runtime_enabled_features.h"
 #include "third_party/blink/renderer/platform/weborigin/security_origin.h"

--- a/third_party/blink/renderer/core/origin_trials/origin_trial_context.h
+++ b/third_party/blink/renderer/core/origin_trials/origin_trial_context.h
@@ -17,6 +17,7 @@
 namespace blink {
 class ExecutionContext;
+class ScriptState;
 // The Origin Trials Framework provides limited access to experimental features,
 // on a per-origin basis (origin trials). This class provides the implementation

--- a/third_party/blink/renderer/platform/runtime_enabled_features.json5
+++ b/third_party/blink/renderer/platform/runtime_enabled_features.json5
@@ -603,6 +603,7 @@
    },
    {
      name: "DocumentPolicy",
+      origin_trial_feature_name: "DocumentPolicy",
      status: "experimental",
    },
    {

--- a/third_party/blink/web_tests/http/tests/origin_trials/webexposed/document-policy-origin-trial-interfaces-enabled.php
+++ b/third_party/blink/web_tests/http/tests/origin_trials/webexposed/document-policy-origin-trial-interfaces-enabled.php
+<?php
+# Generate token with the command:
+# generate_token.py http://127.0.0.1:8000 DocumentPolicy --expire-timestamp=2000000000
+header("Origin-Trial: Ak4CsAXUdUgi3o77HXbvmBfDxj2vdzWBqqTl9/WEkfaVRowGsyVaMk3Vgn4AXtGJeOPfxf3E0Zh+WUOYHQOrcA0AAABWeyJvcmlnaW4iOiAiaHR0cDovLzEyNy4wLjAuMTo4MDAwIiwgImZlYXR1cmUiOiAiRG9jdW1lbnRQb2xpY3kiLCAiZXhwaXJ5IjogMjAwMDAwMDAwMH0=");
+?>
+<title>Document policy interface - enabled by origin trial</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+test(t => {
+  var iframeInterfaceNames = Object.getOwnPropertyNames(this.HTMLIFrameElement.prototype);
+  assert_in_array('policy', iframeInterfaceNames);
+}, 'Document Policy `policy` attribute exists in origin-trial enabled document.');
+</script>
+</body>