Backed out changeset 6daf4f561843 (bug 1495303)for failing web-platform tests on /payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html
authorarthur.iakab <aiakab@mozilla.com>
Mon, 01 Oct 2018 14:51:26 +0300
changeset 487280 9ead07a717dfed858e88956b2aa91f7bc5cd7898
parent 487279 e6bcb33bea547e442f0a1c5c857f3655aaf7eae5
child 487281 c869bea1ed94521f2fa898991e19797bc38d574d
child 487310 890a773ea546b579acfe8f35a1b8bb197c7cf055
push id246
push userfmarier@mozilla.com
push dateSat, 13 Oct 2018 00:15:40 +0000
bugs1495303
milestone64.0a1
backs out6daf4f561843827556ce451941a75ab186255f00
Backed out changeset 6daf4f561843 (bug 1495303)for failing web-platform tests on /payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html
dom/html/HTMLIFrameElement.cpp
dom/payments/PaymentRequest.cpp
dom/security/featurepolicy/FeaturePolicy.cpp
dom/security/featurepolicy/FeaturePolicy.h
dom/security/featurepolicy/FeaturePolicyUtils.cpp
testing/web-platform/meta/feature-policy/__dir__.ini
testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html.ini
testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy-attribute.https.sub.html.ini
testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy.https.sub.html.ini
testing/web-platform/meta/feature-policy/payment-default-feature-policy.https.sub.html.ini
testing/web-platform/meta/feature-policy/payment-disabled-by-feature-policy.https.sub.html.ini
testing/web-platform/meta/payment-request/__dir__.ini
testing/web-platform/meta/payment-request/allowpaymentrequest/allowpaymentrequest-attribute-cross-origin-bc-containers.https.html.ini
--- a/dom/html/HTMLIFrameElement.cpp
+++ b/dom/html/HTMLIFrameElement.cpp
@@ -169,18 +169,17 @@ HTMLIFrameElement::AfterSetAttr(int32_t 
         // If we have an nsFrameLoader, apply the new sandbox flags.
         // Since this is called after the setter, the sandbox flags have
         // alreay been updated.
         mFrameLoader->ApplySandboxFlags(GetSandboxFlags());
       }
     }
     if ((aName == nsGkAtoms::allow ||
          aName == nsGkAtoms::src ||
-         aName == nsGkAtoms::sandbox ||
-         aName == nsGkAtoms::allowpaymentrequest) &&
+         aName == nsGkAtoms::sandbox) &&
         StaticPrefs::dom_security_featurePolicy_enabled()) {
       RefreshFeaturePolicy();
     }
   }
   return nsGenericHTMLFrameElement::AfterSetAttr(aNameSpaceID, aName,
                                                  aValue, aOldValue,
                                                  aMaybeScriptedPrincipal,
                                                  aNotify);
@@ -303,18 +302,14 @@ HTMLIFrameElement::RefreshFeaturePolicy(
 
     // Set or reset the FeaturePolicy directives.
     mFeaturePolicy->SetDeclaredPolicy(OwnerDoc(), allow, documentOrigin,
                                       origin, true /* 'src' enabled */);
   }
 
   mFeaturePolicy->InheritPolicy(OwnerDoc()->Policy());
 
-  if (AllowPaymentRequest()) {
-    mFeaturePolicy->MaybeSetAllowedPolicy(NS_LITERAL_STRING("payment"));
-  }
-
   // TODO: https://wicg.github.io/feature-policy/#process-feature-policy-attributes
-  // requires to check allowfullscreen, and allowusermediarequest
+  // requires to check allowfullscreen, allowpaymentrequest and allowusermediarequest
 }
 
 } // namespace dom
 } // namespace mozilla
--- a/dom/payments/PaymentRequest.cpp
+++ b/dom/payments/PaymentRequest.cpp
@@ -1,17 +1,16 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "BasicCardPayment.h"
 #include "mozilla/dom/Element.h"
-#include "mozilla/dom/FeaturePolicyUtils.h"
 #include "mozilla/dom/PaymentRequest.h"
 #include "mozilla/dom/PaymentRequestChild.h"
 #include "mozilla/dom/PaymentResponse.h"
 #include "mozilla/EventStateManager.h"
 #include "mozilla/StaticPrefs.h"
 #include "nsContentUtils.h"
 #include "nsIScriptError.h"
 #include "nsIURLParser.h"
@@ -556,22 +555,16 @@ PaymentRequest::Constructor(const Global
 
 
   nsCOMPtr<nsIDocument> doc = window->GetExtantDoc();
   if (!doc) {
     aRv.Throw(NS_ERROR_UNEXPECTED);
     return nullptr;
   }
 
-  if (!FeaturePolicyUtils::IsFeatureAllowed(doc,
-                                            NS_LITERAL_STRING("payment"))) {
-    aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
-    return nullptr;
-  }
-
   // Check if AllowPaymentRequest on the owner document
   if (!doc->AllowPaymentRequest()) {
     aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
     return nullptr;
   }
 
   // Get the top level principal
   nsCOMPtr<nsIDocument> topLevelDoc = doc->GetTopLevelContentDocument();
--- a/dom/security/featurepolicy/FeaturePolicy.cpp
+++ b/dom/security/featurepolicy/FeaturePolicy.cpp
@@ -177,23 +177,8 @@ FeaturePolicy::GetAllowlistForFeature(co
 
   nsString defaultAllowList;
   FeaturePolicyUtils::DefaultAllowListFeature(aFeatureName, mDefaultOrigin,
                                               defaultAllowList);
    if (!defaultAllowList.IsEmpty()) {
     aList.AppendElement(defaultAllowList);
   }
 }
-
-void
-FeaturePolicy::MaybeSetAllowedPolicy(const nsAString& aFeatureName)
-{
-  MOZ_ASSERT(FeaturePolicyUtils::IsSupportedFeature(aFeatureName));
-
-  if (HasDeclaredFeature(aFeatureName)) {
-    return;
-  }
-
-  Feature feature(aFeatureName);
-  feature.SetAllowsAll();
-
-  mFeatures.AppendElement(feature);
-}
--- a/dom/security/featurepolicy/FeaturePolicy.h
+++ b/dom/security/featurepolicy/FeaturePolicy.h
@@ -96,22 +96,16 @@ public:
   // or for the 'allow' HTML attribute.
   void
   SetDeclaredPolicy(nsIDocument* aDocument,
                     const nsAString& aPolicyString,
                     const nsAString& aSelfOrigin,
                     const nsAString& aSrcOrigin,
                     bool aSrcEnabled);
 
-  // This method creates a policy for aFeatureName allowing it to '*' if it
-  // doesn't exist yet. It's used by HTMLIFrameElement to enable features by
-  // attributes.
-  void
-  MaybeSetAllowedPolicy(const nsAString& aFeatureName);
-
   // Clears all the declarative policy directives. This is needed when the
   // 'allow' attribute or the 'src' attribute change for HTMLIFrameElement's
   // policy.
   void
   ResetDeclaredPolicy();
 
   // WebIDL internal methods.
 
--- a/dom/security/featurepolicy/FeaturePolicyUtils.cpp
+++ b/dom/security/featurepolicy/FeaturePolicyUtils.cpp
@@ -42,16 +42,17 @@ static FeatureMap sSupportedFeatures[] =
   // TODO: not supported yet!!!
   { "gyroscope", FeatureMap::eSelf  },
   // TODO: not supported yet!!!
   { "magnetometer", FeatureMap::eSelf  },
   // TODO: not supported yet!!!
   { "microphone", FeatureMap::eSelf  },
   // TODO: not supported yet!!!
   { "midi", FeatureMap::eSelf  },
+  // TODO: not supported yet!!!
   { "payment", FeatureMap::eSelf  },
   // TODO: not supported yet!!!
   { "picture-in-picture", FeatureMap::eAll  },
   // TODO: not supported yet!!!
   { "speaker", FeatureMap::eSelf  },
   // TODO: not supported yet!!!
   { "usb", FeatureMap::eSelf  },
   // TODO: not supported yet!!!
--- a/testing/web-platform/meta/feature-policy/__dir__.ini
+++ b/testing/web-platform/meta/feature-policy/__dir__.ini
@@ -1,2 +1,2 @@
-prefs: [dom.security.featurePolicy.enabled:true, dom.payments.request.enabled:true]
+prefs: [dom.security.featurePolicy.enabled:true]
 lsan-allowed: []
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html.ini
@@ -0,0 +1,19 @@
+[payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html]
+  [Feature-Policy allow="payment" allows same-origin relocation.]
+    expected: FAIL
+
+  [Feature-Policy allow="payment" disallows cross-origin relocation.]
+    expected: FAIL
+
+  [Feature-Policy allow="payment" allowpaymentrequest=true allows same-origin relocation.]
+    expected: FAIL
+
+  [Feature-Policy allow="payment" allowpaymentrequest=true disallows cross-origin relocation.]
+    expected: FAIL
+
+  [Feature-Policy allow="payment" allows same-origin navigation in an iframe.]
+    expected: FAIL
+
+  [Feature-Policy allow="payment" allowpaymentrequest=true allows same-origin navigation in an iframe.]
+    expected: FAIL
+
--- a/testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy-attribute.https.sub.html.ini
+++ b/testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy-attribute.https.sub.html.ini
@@ -1,4 +1,7 @@
 [payment-allowed-by-feature-policy-attribute.https.sub.html]
+  [Feature policy "payment" can be enabled in same-origin iframe using allow="payment" attribute]
+    expected: FAIL
+
   [Feature policy "payment" can be enabled in cross-origin iframe using allow="payment" attribute]
     expected: FAIL
 
--- a/testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy.https.sub.html.ini
+++ b/testing/web-platform/meta/feature-policy/payment-allowed-by-feature-policy.https.sub.html.ini
@@ -1,4 +1,16 @@
 [payment-allowed-by-feature-policy.https.sub.html]
+  [Feature-Policy header {"payment" : ["*"\]} allows the top-level document.]
+    expected: FAIL
+
+  [Feature-Policy header {"payment" : ["*"\]} allows same-origin iframes.]
+    expected: FAIL
+
   [Feature-Policy header {"payment" : ["*"\]} allows cross-origin iframes.]
     expected: FAIL
 
+  [Feature-Policy header {"payment" : ["*"\]} allowpaymentrequest=true allows same-origin iframes.]
+    expected: FAIL
+
+  [Feature-Policy header {"payment" : ["*"\]} allowpaymentrequest=true allows cross-origin iframes.]
+    expected: FAIL
+
--- a/testing/web-platform/meta/feature-policy/payment-default-feature-policy.https.sub.html.ini
+++ b/testing/web-platform/meta/feature-policy/payment-default-feature-policy.https.sub.html.ini
@@ -1,4 +1,13 @@
 [payment-default-feature-policy.https.sub.html]
+  [Default "payment" feature policy ["self"\] allows the top-level document.]
+    expected: FAIL
+
+  [Default "payment" feature policy ["self"\] allows same-origin iframes.]
+    expected: FAIL
+
+  [Default "payment" feature policy ["self"\] allowpaymentrequest=true allows same-origin iframes.]
+    expected: FAIL
+
   [Default "payment" feature policy ["self"\] allowpaymentrequest=true allows cross-origin iframes.]
     expected: FAIL
 
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/feature-policy/payment-disabled-by-feature-policy.https.sub.html.ini
@@ -0,0 +1,4 @@
+[payment-disabled-by-feature-policy.https.sub.html]
+  [Feature-Policy header {"payment" : [\]} disallows the top-level document.]
+    expected: FAIL
+
--- a/testing/web-platform/meta/payment-request/__dir__.ini
+++ b/testing/web-platform/meta/payment-request/__dir__.ini
@@ -1,1 +1,1 @@
-prefs: [dom.security.featurePolicy.enabled:true, dom.payments.request.enabled:true]
+prefs: [dom.payments.request.enabled:true]
--- a/testing/web-platform/meta/payment-request/allowpaymentrequest/allowpaymentrequest-attribute-cross-origin-bc-containers.https.html.ini
+++ b/testing/web-platform/meta/payment-request/allowpaymentrequest/allowpaymentrequest-attribute-cross-origin-bc-containers.https.html.ini
@@ -1,11 +1,12 @@
 [allowpaymentrequest-attribute-cross-origin-bc-containers.https.html]
   [iframe]
-    expected: FAIL
+    expected:
+      if not e10s: FAIL
 
   [frame]
     expected:
       if not e10s: FAIL
 
   [object]
     expected:
       if not e10s: FAIL