Change scoping type of some content settings to be more accurate
With permission delegation, permissions should generally not be set for embedded origins from UI (e.g. prompts, etc.). Therefore the default scoping type should not be REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE going forward. Some existing settings use this scoping type even though they don't need to: -The user pref for CONTENT_SETTINGS_TYPE_BLUETOOTH_GUARD is never set from UI so the scoping type is not important. -Accessibility events should be using permission delegation when it launches and so having it set to the requesting origin is appropriate -Payment handler is allowed by default but can be blocked for specific origins. I would suggest that behaves like JS, popups, etc. in that if the user blocks a certain origin, all origins that are embedded on that page are also blocked. -Clipboard is only currently only allowed for top level origins. If/when it gets exposed to iframes, it should use permission delegation. Bug: 802945 Change-Id: I2aaa2b67634571422b564f0a4e23b8c5a3d965c2 Reviewed-on: https://chromium-review.googlesource.com/954522Reviewed-by:Timothy Loh <timloh@chromium.org> Reviewed-by:
Dominic Mazzoni <dmazzoni@chromium.org> Reviewed-by:
Jinho Bang <jinho.bang@samsung.com> Reviewed-by:
Rouslan Solomakhin <rouslan@chromium.org> Commit-Queue: Raymes Khoury <raymes@chromium.org> Cr-Commit-Position: refs/heads/master@{#543970}
Showing
Please register or sign in to comment