Bug 1560741 - Part 1: Disallow notification permission requests from cross-origin iframes; r=johannh
authorEhsan Akhgari <ehsan@mozilla.com>
Mon, 12 Aug 2019 21:38:58 +0000
changeset 11904 e683c03f1a776dd310d8a96e7c225a87ac31fccb
parent 11903 f62b1979b454a4b503371e8b4b645c15a5d90ac9
child 11905 86cc58d36f85029b4db4e0aeea1b2196181fbcc0
push id161
push userflodolo@mozilla.com
push dateWed, 14 Aug 2019 04:07:12 +0000
reviewersjohannh
bugs1560741
Bug 1560741 - Part 1: Disallow notification permission requests from cross-origin iframes; r=johannh Differential Revision: https://phabricator.services.mozilla.com/D41305 X-Channel-Repo: mozilla-central X-Channel-Converted-Revision: b7c91018f87ee89c7b209b76a0202be118cdff32 X-Channel-Repo: releases/mozilla-beta X-Channel-Revision: e5d98eda2ec359a0968c567076b1a625cb6c99ce X-Channel-Repo: releases/mozilla-release X-Channel-Revision: 2fb19d0466d2f61674c0af80813645cccd510593 X-Channel-Repo: releases/mozilla-esr68 X-Channel-Revision: a8da73ce90a4110e14caaba3e93d8a086b3a0669
dom/chrome/dom/dom.properties
--- a/dom/chrome/dom/dom.properties
+++ b/dom/chrome/dom/dom.properties
@@ -321,16 +321,17 @@ LargeAllocationSuccess=This page was loa
 # LOCALIZATION NOTE: Do not translate "Large-Allocation", as it is a literal header name. Do not translate GET.
 LargeAllocationNonGetRequest=A Large-Allocation header was ignored due to the load being triggered by a non-GET request.
 # LOCALIZATION NOTE: Do not translate "Large-Allocation", as it is a literal header name. Do not translate `window.opener`.
 LargeAllocationNotOnlyToplevelInTabGroup=A Large-Allocation header was ignored due to the presence of windows which have a reference to this browsing context through the frame hierarchy or window.opener.
 # LOCALIZATION NOTE: Do not translate "Large-Allocation", as it is a literal header name
 LargeAllocationNonE10S=A Large-Allocation header was ignored due to the document not being loaded out of process.
 GeolocationInsecureRequestIsForbidden=A Geolocation request can only be fulfilled in a secure context.
 NotificationsInsecureRequestIsForbidden=The Notification permission may only be requested in a secure context.
+NotificationsCrossOriginIframeRequestIsForbidden=The Notification permission may only be requested in a top-level document or same-origin iframe.
 NotificationsRequireUserGesture=The Notification permission may only be requested from inside a short running user-generated event handler.
 # LOCALIZATION NOTE: Do not translate "Large-Allocation", as it is a literal header name.
 LargeAllocationNonWin32=This page would be loaded in a new process due to a Large-Allocation header, however Large-Allocation process creation is disabled on non-Win32 platforms.
 # LOCALIZATION NOTE: Do not translate "content", "Window", and "window.top"
 WindowContentUntrustedWarning=The ‘content’ attribute of Window objects is deprecated.  Please use ‘window.top’ instead.
 # LOCALIZATION NOTE: The first %S is the tag name of the element that starts the loop, the second %S is the element's ID.
 SVGRefLoopWarning=The SVG <%S> with ID “%S” has a reference loop.
 # LOCALIZATION NOTE: The first %S is the tag name of the element in the chain where the chain was broken, the second %S is the element's ID.