Initial Implementation of Iframe Attribute for Feature Policy (Part 4)

third_party/WebKit/Source/modules/payments/PaymentRequest.cpp

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "modules/payments/PaymentRequest.h"
 
 #include <stddef.h>
 #include <utility>
 #include "bindings/core/v8/ExceptionState.h"
 #include "bindings/core/v8/ScriptPromiseResolver.h"
@@ skipping 620 matching lines @@
     // is an iframe element with an |allowpaymentrequest| attribute specified,
     // and whose node document is allowed to use the feature indicated by
     // |allowpaymentrequest|, then return true.
     if (frame->Owner() && frame->Owner()->AllowPaymentRequest())
       return AllowedToUsePaymentRequest(frame->Tree().Parent());
 
     // 4. Return false.
     return false;
   }
 
-  // If Feature Policy is enabled. then we need this hack to support it, until
-  // we have proper support for <iframe allowfullscreen> in FP:
-  // TODO(lunalu): clean up the code once FP iframe is supported
-  // crbug.com/682280
-
-  // 1. If FP, by itself, enables paymentrequest in this document, then
-  // paymentrequest is allowed.
-  if (frame->IsFeatureEnabled(WebFeaturePolicyFeature::kPayment)) {
-    return true;
-  }
-
-  // 2. Otherwise, if the embedding frame's document is allowed to use
-  // paymentrequest (either through FP or otherwise), and either:
-  //   a) this is a same-origin embedded document, or
-  //   b) this document's iframe has the allowpayment attribute set,
-  // then paymentrequest is allowed.
-  if (!frame->IsMainFrame()) {
-    if (AllowedToUsePaymentRequest(frame->Tree().Parent())) {
-      return (frame->Owner() && frame->Owner()->AllowPaymentRequest()) ||
-             frame->Tree()
-                 .Parent()
-                 ->GetSecurityContext()
-                 ->GetSecurityOrigin()
-                 ->IsSameSchemeHostPortAndSuborigin(
-                     frame->GetSecurityContext()->GetSecurityOrigin());
-    }
-  }
-
-  // Otherwise, paymentrequest is not allowed. (If we reach here and this is
-  // the main frame, then paymentrequest must have been disabled by FP.)
-  return false;
+  // 2. If Feature Policy is enabled, return the policy for "payment" feature.
+  return frame->IsFeatureEnabled(WebFeaturePolicyFeature::kPayment);
 }
 
 void WarnIgnoringQueryQuotaForCanMakePayment(
     ExecutionContext& execution_context) {
   execution_context.AddConsoleMessage(ConsoleMessage::Create(
       kJSMessageSource, kWarningMessageLevel,
       "Quota reached for PaymentRequest.canMakePayment(). This would normally "
       "reject the promise, but allowing continued usage on localhost and "
       "file:// scheme origins."));
 }
@@ skipping 427 matching lines @@
   complete_resolver_.Clear();
   show_resolver_.Clear();
   abort_resolver_.Clear();
   can_make_payment_resolver_.Clear();
   if (client_binding_.is_bound())
     client_binding_.Close();
   payment_provider_.reset();
 }
 
 }  // namespace blink