Skip to content

Commit

Permalink
Replace same-origin Security & Privacy requirement with Permissions P…
Browse files Browse the repository at this point in the history 
…olicy one (#136)

This addresses a conflict that was introduced in #121:

- The presence of the Permissions Policy integration means usage of the
  Device Orientation API can be allowed in third-party iframes provided that
  the right tokens are in place.
- The "Security and privacy considerations" section contains a requirement
  that events are fired only on child navigables that are same-origin with
  the top-level traversable.

The latter was introduced in #25 and served as a stop-gap measure before
Permissions Policy integration was added.

The current implementation status is:
- Blink never implemented the same-origin requirement, but added Permissions
  Policy integration in 2018.
- WebKit has always implemented Permissions Policy integration.
- Gecko implements the same-origin requirement (see Mozilla bug 1197901).

This means we can safely replace the same-origin requirement with a
requirement to support the Permissions Policy integration, as switching from
one to the other is transparent in the sense that the exact same set of
websites that worked before will continue to work with the change, as the
features we define have a default allowlist of "self".

Fixes #133
  • Loading branch information
Raphael Kubo da Costa authored Jan 31, 2024
1 parent e778bf8 commit a1bee02
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion index.bs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -636,7 +636,7 @@ In light of that, implementations may consider visual indicators to signify the
Furthermore, to minimize privacy risks, the chance of fingerprinting and other attacks the implementations must:
* fire events only when a [=/navigable=]'s [=navigable/active document=]'s [=visibility state=] is "<code>visible</code>",
* fire events only on the [=/top-level traversable=]'s [=navigable/active window=] and [=child navigables=]' [=navigable/active windows=] whose [=relevant settings object=]'s [=environment settings object/origin=] is [=same origin=] with the [=/top-level traversable=]'s [=navigable/active window=]'s [=relevant settings object=]'s [=environment settings object/origin=].
* implement [[#permissions-policy-integration]] so that events are fired on [=child navigables=] (including but not restricted to cross-origin ones) only if allowed by the [=/top-level traversable=],
* fire events on a [=/navigable=]'s [=navigable/active windows=] only when its [=relevant settings object=] is a [=secure context=],
* limit precision of attribute values as described in the previous sections.
Expand Down

0 comments on commit a1bee02

Please sign in to comment.