Commit aa1b7dea authored by Raymes Khoury's avatar Raymes Khoury Committed by Commit Bot

Change scoping type of some content settings to be more accurate

With permission delegation, permissions should generally not be set
for embedded origins from UI (e.g. prompts, etc.). Therefore the default
scoping type should not be REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE
going forward. Some existing settings use this scoping type even though
they don't need to:
-The user pref for CONTENT_SETTINGS_TYPE_BLUETOOTH_GUARD is never set
from UI so the scoping type is not important.
-Accessibility events should be using permission delegation when it
launches and so having it set to the requesting origin is appropriate
-Payment handler is allowed by default but can be blocked for specific
origins. I would suggest that behaves like JS, popups, etc. in that if
the user blocks a certain origin, all origins that are embedded on that
page are also blocked.
-Clipboard is only currently only allowed for top level origins. If/when
it gets exposed to iframes, it should use permission delegation.

Bug: 802945
Change-Id: I2aaa2b67634571422b564f0a4e23b8c5a3d965c2
Reviewed-on: https://chromium-review.googlesource.com/954522Reviewed-by: default avatarTimothy Loh <timloh@chromium.org>
Reviewed-by: default avatarDominic Mazzoni <dmazzoni@chromium.org>
Reviewed-by: default avatarJinho Bang <jinho.bang@samsung.com>
Reviewed-by: default avatarRouslan Solomakhin <rouslan@chromium.org>
Commit-Queue: Raymes Khoury <raymes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#543970}
parent fd05822c
...@@ -312,7 +312,7 @@ void ContentSettingsRegistry::Init() { ...@@ -312,7 +312,7 @@ void ContentSettingsRegistry::Init() {
CONTENT_SETTING_ASK, WebsiteSettingsInfo::UNSYNCABLE, CONTENT_SETTING_ASK, WebsiteSettingsInfo::UNSYNCABLE,
WhitelistedSchemes(), WhitelistedSchemes(),
ValidSettings(CONTENT_SETTING_ASK, CONTENT_SETTING_BLOCK), ValidSettings(CONTENT_SETTING_ASK, CONTENT_SETTING_BLOCK),
WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE, WebsiteSettingsInfo::REQUESTING_ORIGIN_ONLY_SCOPE,
WebsiteSettingsRegistry::DESKTOP | WebsiteSettingsRegistry::DESKTOP |
WebsiteSettingsRegistry::PLATFORM_ANDROID, WebsiteSettingsRegistry::PLATFORM_ANDROID,
ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE); ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE);
...@@ -322,7 +322,7 @@ void ContentSettingsRegistry::Init() { ...@@ -322,7 +322,7 @@ void ContentSettingsRegistry::Init() {
WhitelistedSchemes(), WhitelistedSchemes(),
ValidSettings(CONTENT_SETTING_ALLOW, CONTENT_SETTING_BLOCK, ValidSettings(CONTENT_SETTING_ALLOW, CONTENT_SETTING_BLOCK,
CONTENT_SETTING_ASK), CONTENT_SETTING_ASK),
WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE, WebsiteSettingsInfo::REQUESTING_ORIGIN_ONLY_SCOPE,
WebsiteSettingsRegistry::DESKTOP | WebsiteSettingsRegistry::DESKTOP |
WebsiteSettingsRegistry::PLATFORM_ANDROID, WebsiteSettingsRegistry::PLATFORM_ANDROID,
ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE); ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE);
...@@ -340,7 +340,7 @@ void ContentSettingsRegistry::Init() { ...@@ -340,7 +340,7 @@ void ContentSettingsRegistry::Init() {
WhitelistedSchemes(), WhitelistedSchemes(),
ValidSettings(CONTENT_SETTING_ALLOW, CONTENT_SETTING_BLOCK, ValidSettings(CONTENT_SETTING_ALLOW, CONTENT_SETTING_BLOCK,
CONTENT_SETTING_ASK), CONTENT_SETTING_ASK),
WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE, WebsiteSettingsInfo::REQUESTING_ORIGIN_ONLY_SCOPE,
WebsiteSettingsRegistry::DESKTOP | WebsiteSettingsRegistry::DESKTOP |
WebsiteSettingsRegistry::PLATFORM_ANDROID, WebsiteSettingsRegistry::PLATFORM_ANDROID,
ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE); ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE);
...@@ -349,7 +349,7 @@ void ContentSettingsRegistry::Init() { ...@@ -349,7 +349,7 @@ void ContentSettingsRegistry::Init() {
CONTENT_SETTING_ALLOW, WebsiteSettingsInfo::UNSYNCABLE, CONTENT_SETTING_ALLOW, WebsiteSettingsInfo::UNSYNCABLE,
WhitelistedSchemes(), WhitelistedSchemes(),
ValidSettings(CONTENT_SETTING_ALLOW, CONTENT_SETTING_BLOCK), ValidSettings(CONTENT_SETTING_ALLOW, CONTENT_SETTING_BLOCK),
WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE, WebsiteSettingsInfo::TOP_LEVEL_ORIGIN_ONLY_SCOPE,
WebsiteSettingsRegistry::DESKTOP | WebsiteSettingsRegistry::DESKTOP |
WebsiteSettingsRegistry::PLATFORM_ANDROID, WebsiteSettingsRegistry::PLATFORM_ANDROID,
ContentSettingsInfo::INHERIT_IN_INCOGNITO); ContentSettingsInfo::INHERIT_IN_INCOGNITO);
......
...@@ -39,6 +39,10 @@ class WebsiteSettingsInfo { ...@@ -39,6 +39,10 @@ class WebsiteSettingsInfo {
// Settings scoped to the combination of the origin of the requesting // Settings scoped to the combination of the origin of the requesting
// frame and the origin of the top level frame. // frame and the origin of the top level frame.
//
// This is deprecated with Permission Delegation and should not be used.
// Specifically, UI (e.g. prompts, page actions, etc.) should generally only
// change settings for the top level origin and not for embedded origins.
REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE
}; };
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment