Change scoping type of some content settings to be more accurate

With permission delegation, permissions should generally not be set for embedded origins from UI (e.g. prompts, etc.). Therefore the default scoping type should not be REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE going forward. Some existing settings use this scoping type even though they don't need to: -The user pref for CONTENT_SETTINGS_TYPE_BLUETOOTH_GUARD is never set from UI so the scoping type is not important. -Accessibility events should be using permission delegation when it launches and so having it set to the requesting origin is appropriate -Payment handler is allowed by default but can be blocked for specific origins. I would suggest that behaves like JS, popups, etc. in that if the user blocks a certain origin, all origins that are embedded on that page are also blocked. -Clipboard is only currently only allowed for top level origins. If/when it gets exposed to iframes, it should use permission delegation. Bug: 802945 Change-Id: I2aaa2b67634571422b564f0a4e23b8c5a3d965c2 Reviewed-on: https://chromium-review.googlesource.com/954522Reviewed-by: Timothy Loh <timloh@chromium.org> Reviewed-by: Dominic Mazzoni <dmazzoni@chromium.org> Reviewed-by: Jinho Bang <jinho.bang@samsung.com> Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org> Commit-Queue: Raymes Khoury <raymes@chromium.org> Cr-Commit-Position: refs/heads/master@{#543970}

Change scoping type of some content settings to be more accurate
With permission delegation, permissions should generally not be set for embedded origins from UI (e.g. prompts, etc.). Therefore the default scoping type should not be REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE going forward. Some existing settings use this scoping type even though they don't need to: -The user pref for CONTENT_SETTINGS_TYPE_BLUETOOTH_GUARD is never set from UI so the scoping type is not important. -Accessibility events should be using permission delegation when it launches and so having it set to the requesting origin is appropriate -Payment handler is allowed by default but can be blocked for specific origins. I would suggest that behaves like JS, popups, etc. in that if the user blocks a certain origin, all origins that are embedded on that page are also blocked. -Clipboard is only currently only allowed for top level origins. If/when it gets exposed to iframes, it should use permission delegation. Bug: 802945 Change-Id: I2aaa2b67634571422b564f0a4e23b8c5a3d965c2 Reviewed-on: https://chromium-review.googlesource.com/954522Reviewed-by: Timothy Loh <timloh@chromium.org> Reviewed-by: Dominic Mazzoni <dmazzoni@chromium.org> Reviewed-by: Jinho Bang <jinho.bang@samsung.com> Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org> Commit-Queue: Raymes Khoury <raymes@chromium.org> Cr-Commit-Position: refs/heads/master@{#543970}
aa1b7dea · Raymes Khoury · Commit Bot · fd05822c · aa1b7dea · aa1b7dea
Commit aa1b7dea authored Mar 19, 2018 by Raymes Khoury Committed by Commit Bot Mar 19, 2018
2 changed files
--- a/components/content_settings/core/browser/content_settings_registry.cc
+++ b/components/content_settings/core/browser/content_settings_registry.cc
@@ -312,7 +312,7 @@ void ContentSettingsRegistry::Init() {
           CONTENT_SETTING_ASK, WebsiteSettingsInfo::UNSYNCABLE,
           WhitelistedSchemes(),
           ValidSettings(CONTENT_SETTING_ASK, CONTENT_SETTING_BLOCK),
-           WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE,
+           WebsiteSettingsInfo::REQUESTING_ORIGIN_ONLY_SCOPE,
           WebsiteSettingsRegistry::DESKTOP |
               WebsiteSettingsRegistry::PLATFORM_ANDROID,
           ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE);
@@ -322,7 +322,7 @@ void ContentSettingsRegistry::Init() {
           WhitelistedSchemes(),
           ValidSettings(CONTENT_SETTING_ALLOW, CONTENT_SETTING_BLOCK,
                         CONTENT_SETTING_ASK),
-           WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE,
+           WebsiteSettingsInfo::REQUESTING_ORIGIN_ONLY_SCOPE,
           WebsiteSettingsRegistry::DESKTOP |
               WebsiteSettingsRegistry::PLATFORM_ANDROID,
           ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE);
@@ -340,7 +340,7 @@ void ContentSettingsRegistry::Init() {
           WhitelistedSchemes(),
           ValidSettings(CONTENT_SETTING_ALLOW, CONTENT_SETTING_BLOCK,
                         CONTENT_SETTING_ASK),
-           WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE,
+           WebsiteSettingsInfo::REQUESTING_ORIGIN_ONLY_SCOPE,
           WebsiteSettingsRegistry::DESKTOP |
               WebsiteSettingsRegistry::PLATFORM_ANDROID,
           ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE);
@@ -349,7 +349,7 @@ void ContentSettingsRegistry::Init() {
           CONTENT_SETTING_ALLOW, WebsiteSettingsInfo::UNSYNCABLE,
           WhitelistedSchemes(),
           ValidSettings(CONTENT_SETTING_ALLOW, CONTENT_SETTING_BLOCK),
-           WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE,
+           WebsiteSettingsInfo::TOP_LEVEL_ORIGIN_ONLY_SCOPE,
           WebsiteSettingsRegistry::DESKTOP |
               WebsiteSettingsRegistry::PLATFORM_ANDROID,
           ContentSettingsInfo::INHERIT_IN_INCOGNITO);

--- a/components/content_settings/core/browser/website_settings_info.h
+++ b/components/content_settings/core/browser/website_settings_info.h
@@ -39,6 +39,10 @@ class WebsiteSettingsInfo {
    // Settings scoped to the combination of the origin of the requesting
    // frame and the origin of the top level frame.
+    //
+    // This is deprecated with Permission Delegation and should not be used.
+    // Specifically, UI (e.g. prompts, page actions, etc.) should generally only
+    // change settings for the top level origin and not for embedded origins.
    REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE
  };