Enable Feature Policy control over setting `document.domain`.

Intent: https://groups.google.com/a/chromium.org/d/msg/blink-dev/Ff6Ywg5vnh4/VbDH4X6wBQAJ Explainer: https://github.com/WICG/feature-policy/issues/241 Spec PR: https://github.com/whatwg/html/pull/4170 Bug: 904351 Change-Id: I14c0c3c871a01017f9c2bcbe8ed41c7b26782e71 Reviewed-on: https://chromium-review.googlesource.com/c/1329791 Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Cr-Commit-Position: refs/heads/master@{#607530}

Enable Feature Policy control over setting `document.domain`.
Intent: https://groups.google.com/a/chromium.org/d/msg/blink-dev/Ff6Ywg5vnh4/VbDH4X6wBQAJ Explainer: https://github.com/WICG/feature-policy/issues/241 Spec PR: https://github.com/whatwg/html/pull/4170 Bug: 904351 Change-Id: I14c0c3c871a01017f9c2bcbe8ed41c7b26782e71 Reviewed-on: https://chromium-review.googlesource.com/c/1329791 Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Cr-Commit-Position: refs/heads/master@{#607530}
59b93fee · Mike West · Commit Bot · 0028b6de · 59b93fee · 59b93fee
Commit 59b93fee authored Nov 13, 2018 by Mike West Committed by Commit Bot Nov 13, 2018
4 changed files
--- a/third_party/WebKit/LayoutTests/external/wpt/html/browsers/origin/relaxing-the-same-origin-restriction/document_domain_feature_policy.tentative.sub.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/html/browsers/origin/relaxing-the-same-origin-restriction/document_domain_feature_policy.tentative.sub.html
+<!DOCTYPE html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/feature-policy/resources/featurepolicy.js></script>
+  <script>
+  run_all_fp_tests_allow_all(
+      'http://{{domains[www]}}:{{ports[http][0]}}',
+      'document-domain',
+      'SecurityError',
+      () => {
+        return new Promise((resolve, reject) => {
+          try {
+            document.domain = "{{domains[]}}";
+            resolve();
+          } catch(e) {
+            reject(e);
+          }
+       });
+      });
+  </script>
+</body>
--- a/third_party/blink/common/feature_policy/feature_policy.cc
+++ b/third_party/blink/common/feature_policy/feature_policy.cc
@@ -255,6 +255,8 @@ const FeaturePolicy::FeatureList& FeaturePolicy::GetDefaultFeatureList() {
        FeaturePolicy::FeatureDefault::EnableForSelf},
       {mojom::FeaturePolicyFeature::kCamera,
        FeaturePolicy::FeatureDefault::EnableForSelf},
+       {mojom::FeaturePolicyFeature::kDocumentDomain,
+        FeaturePolicy::FeatureDefault::EnableForAll},
       {mojom::FeaturePolicyFeature::kDocumentWrite,
        FeaturePolicy::FeatureDefault::EnableForAll},
       {mojom::FeaturePolicyFeature::kEncryptedMedia,

--- a/third_party/blink/renderer/core/dom/document.cc
+++ b/third_party/blink/renderer/core/dom/document.cc
@@ -5404,6 +5404,15 @@ void Document::setDomain(const String& raw_domain,
                         ExceptionState& exception_state) {
  UseCounter::Count(*this, WebFeature::kDocumentSetDomain);

+  const String feature_policy_error =
+      "Setting `document.domain` is disabled by Feature Policy.";
+  if (!IsFeatureEnabled(mojom::FeaturePolicyFeature::kDocumentDomain,
+                        ReportOptions::kReportOnFailure,
+                        feature_policy_error)) {
+    exception_state.ThrowSecurityError(feature_policy_error);
+    return;
+  }
+
  if (!frame_) {
    exception_state.ThrowSecurityError(
        "A browsing context is required to set a domain.");

--- a/third_party/blink/renderer/core/feature_policy/feature_policy.cc
+++ b/third_party/blink/renderer/core/feature_policy/feature_policy.cc
@@ -252,6 +252,8 @@ const FeatureNameMap& GetDefaultFeatureNameMap() {
          "layout-animations", mojom::FeaturePolicyFeature::kLayoutAnimations);
      default_feature_name_map.Set("document-write",
                                   mojom::FeaturePolicyFeature::kDocumentWrite);
+      default_feature_name_map.Set(
+          "document-domain", mojom::FeaturePolicyFeature::kDocumentDomain);
      default_feature_name_map.Set(
          "unoptimized-images",
          mojom::FeaturePolicyFeature::kUnoptimizedImages);