Bug 1560741 - Part 1: Disallow notification permission requests from cross-origin iframes; r=johannh
author Ehsan Akhgari <ehsan@mozilla.com>
Mon, 12 Aug 2019 19:34:35 +0000
changeset 11901 483787e395e7e1fe36619972ef5dfd6afd5c9668
parent 11900 f2cf998ad60fa6632967f9e93d89f472e9c904b5
child 11902 b36c4afabddc0b1c19b8368f63e0500b581f07d3
push id 161
push user flodolo@mozilla.com
push date Wed, 14 Aug 2019 04:07:12 +0000
reviewers johannh
bugs 1560741
Bug 1560741 - Part 1: Disallow notification permission requests from cross-origin iframes; r=johannh

Differential Revision: https://phabricator.services.mozilla.com/D41305

X-Channel-Repo: mozilla-central
X-Channel-Converted-Revision: 9dc1d39d27866ce6254c5246a9d15f551ad02021
X-Channel-Repo: releases/mozilla-beta
X-Channel-Revision: e5d98eda2ec359a0968c567076b1a625cb6c99ce
X-Channel-Repo: releases/mozilla-release
X-Channel-Revision: 2fb19d0466d2f61674c0af80813645cccd510593
X-Channel-Repo: releases/mozilla-esr68
X-Channel-Revision: a8da73ce90a4110e14caaba3e93d8a086b3a0669
dom/chrome/dom/dom.properties
--- a/dom/chrome/dom/dom.properties
+++ b/dom/chrome/dom/dom.properties
@@ -321,16 +321,17 @@ LargeAllocationSuccess=This page was loa
 # LOCALIZATION NOTE: Do not translate "Large-Allocation", as it is a literal header name. Do not translate GET.
 LargeAllocationNonGetRequest=A Large-Allocation header was ignored due to the load being triggered by a non-GET request.
 # LOCALIZATION NOTE: Do not translate "Large-Allocation", as it is a literal header name. Do not translate `window.opener`.
 LargeAllocationNotOnlyToplevelInTabGroup=A Large-Allocation header was ignored due to the presence of windows which have a reference to this browsing context through the frame hierarchy or window.opener.
 # LOCALIZATION NOTE: Do not translate "Large-Allocation", as it is a literal header name
 LargeAllocationNonE10S=A Large-Allocation header was ignored due to the document not being loaded out of process.
 GeolocationInsecureRequestIsForbidden=A Geolocation request can only be fulfilled in a secure context.
 NotificationsInsecureRequestIsForbidden=The Notification permission may only be requested in a secure context.
+NotificationsCrossOriginIframeRequestIsForbidden=The Notification permission may only be requested in a top-level document or same-origin iframe.
 NotificationsRequireUserGesture=The Notification permission may only be requested from inside a short running user-generated event handler.
 # LOCALIZATION NOTE: Do not translate "Large-Allocation", as it is a literal header name.
 LargeAllocationNonWin32=This page would be loaded in a new process due to a Large-Allocation header, however Large-Allocation process creation is disabled on non-Win32 platforms.
 # LOCALIZATION NOTE: Do not translate "content", "Window", and "window.top"
 WindowContentUntrustedWarning=The ‘content’ attribute of Window objects is deprecated.  Please use ‘window.top’ instead.
 # LOCALIZATION NOTE: The first %S is the tag name of the element that starts the loop, the second %S is the element's ID.
 SVGRefLoopWarning=The SVG <%S> with ID “%S” has a reference loop.
 # LOCALIZATION NOTE: The first %S is the tag name of the element in the chain where the chain was broken, the second %S is the element's ID.
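Review bot: The added NotificationsCrossOriginIframeRequestIsForbidden entry has no LOCALIZATION NOTE, although it contains the literal term "iframe" and the permission name "Notification", and other entries in this hunk carry a note for literals of that kind (for example `# LOCALIZATION NOTE: Do not translate "Large-Allocation", as it is a literal header name.`). Consider adding a note above the new line telling localizers to leave "iframe" untranslated. The wording "same-origin iframe" also leaves unstated which document the iframe is compared against; a developer reading this console message in a nested-frame page would be helped if the text named the reference document explicitly, matching whatever the check in the accompanying code enforces (that code is not part of this hunk).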