Reenable framebusting intervention for M67+

This reverts commit 16fdb6c5. Reason for revert: this was disabled just before the M66 branch point, reenabling on trunk. Original change's description: > Disable framebusting intervention for M66. > > Will reenable on trunk after the M66 branch point passes. M67 is the new target. > > Bug: 624061 > Change-Id: Ied8563bbc21d3df3182a80aa5f5d1706ed0224d4 > > TBR=nasko@chromium.org,ojan@chromium.org,japhet@chromium.org > > Change-Id: Ied8563bbc21d3df3182a80aa5f5d1706ed0224d4 > Reviewed-on: https://chromium-review.googlesource.com/941615 > Commit-Queue: Nate Chapin <japhet@chromium.org> > Reviewed-by: Nate Chapin <japhet@chromium.org> > Cr-Commit-Position: refs/heads/master@{#539998} TBR=nasko@chromium.org,ojan@chromium.org,japhet@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: 624061 Change-Id: I2db91d03d134cb8aa2febcd5f7d923d45bf41814 Reviewed-on: https://chromium-review.googlesource.com/980896Reviewed-by: Nate Chapin <japhet@chromium.org> Commit-Queue: Nate Chapin <japhet@chromium.org> Cr-Commit-Position: refs/heads/master@{#546141}

Reenable framebusting intervention for M67+
This reverts commit 16fdb6c5. Reason for revert: this was disabled just before the M66 branch point, reenabling on trunk. Original change's description: > Disable framebusting intervention for M66. > > Will reenable on trunk after the M66 branch point passes. M67 is the new target. > > Bug: 624061 > Change-Id: Ied8563bbc21d3df3182a80aa5f5d1706ed0224d4 > > TBR=nasko@chromium.org,ojan@chromium.org,japhet@chromium.org > > Change-Id: Ied8563bbc21d3df3182a80aa5f5d1706ed0224d4 > Reviewed-on: https://chromium-review.googlesource.com/941615 > Commit-Queue: Nate Chapin <japhet@chromium.org> > Reviewed-by: Nate Chapin <japhet@chromium.org> > Cr-Commit-Position: refs/heads/master@{#539998} TBR=nasko@chromium.org,ojan@chromium.org,japhet@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: 624061 Change-Id: I2db91d03d134cb8aa2febcd5f7d923d45bf41814 Reviewed-on: https://chromium-review.googlesource.com/980896Reviewed-by: Nate Chapin <japhet@chromium.org> Commit-Queue: Nate Chapin <japhet@chromium.org> Cr-Commit-Position: refs/heads/master@{#546141}
64f4e318 · Nate Chapin · Commit Bot · 5d97f053 · 64f4e318 · 64f4e318
Commit 64f4e318 authored Mar 27, 2018 by Nate Chapin Committed by Commit Bot Mar 27, 2018
5 changed files
--- a/content/public/common/content_features.cc
+++ b/content/public/common/content_features.cc
@@ -115,7 +115,7 @@ const base::Feature kFontCacheScaling{"FontCacheScaling",
 // same-origin to the top frame, or if a user gesture is being processed.
 const base::Feature kFramebustingNeedsSameOriginOrUserGesture{
    "FramebustingNeedsSameOriginOrUserGesture",
-    base::FEATURE_DISABLED_BY_DEFAULT};
+    base::FEATURE_ENABLED_BY_DEFAULT};
 // Enables extended Gamepad API features like motion tracking and haptics.
 const base::Feature kGamepadExtensions{"GamepadExtensions",

--- a/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/resources/iframe-that-performs-top-navigation-without-user-gesture.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/resources/iframe-that-performs-top-navigation-without-user-gesture.html
 <html>
 <body>
-The navigation should succeed. This text shouldn't appear.
+The navigation should fail. This text should be visible.
 <script>
 window.onload = function()
 {
    try {
        top.location = "http://localhost:8000/security/frameNavigation/resources/navigation-changed-iframe.html";
-        top.postMessage("PASS", "*");
-    } catch(e) {
        top.postMessage("FAIL", "*");
+    } catch(e) {
+        top.postMessage("PASS", "*");
    }
 }
 </script>

--- a/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-user-gesture-in-parent-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-user-gesture-in-parent-expected.txt
-localhost
-PASSED: Navigation succeeded.
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+The navigation should fail. This text should be visible.
--- a/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-without-user-gesture-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-without-user-gesture-expected.txt
-CONSOLE WARNING: line 8: Frame with URL 'http://localhost:8000/security/frameNavigation/resources/iframe-that-performs-top-navigation-without-user-gesture.html' attempted to navigate its top-level window with URL 'http://127.0.0.1:8000/security/frameNavigation/xss-DENIED-top-navigation-without-user-gesture.html'. Navigating the top-level window from a cross-origin iframe will soon require that the iframe has received a user gesture. See https://www.chromestatus.com/features/5851021045661696.
+CONSOLE ERROR: line 8: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/frameNavigation/xss-DENIED-top-navigation-without-user-gesture.html' from frame with URL 'http://localhost:8000/security/frameNavigation/resources/iframe-that-performs-top-navigation-without-user-gesture.html'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/features/5851021045661696.
-localhost
-PASSED: Navigation succeeded.
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+The navigation should fail. This text should be visible.
--- a/third_party/WebKit/Source/platform/runtime_enabled_features.json5
+++ b/third_party/WebKit/Source/platform/runtime_enabled_features.json5
@@ -501,7 +501,7 @@
    {
      name: "FramebustingNeedsSameOriginOrUserGesture",
      settable_from_internals: true,
-      status: "experimental",
+      status: "stable",
    },
    {
      name: "FramesTimingFunction",