Replicate feature policy container policies.

third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp

Index: third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp
diff --git a/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp b/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp
index ca3bb0fb6accf5aba82e5ddc6a64babf9d522291..5a12886c93dba6ab8de3c54fc701253bf96afcf1 100644
--- a/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp
+++ b/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp
@@ -163,6 +163,20 @@ void HTMLFrameElementBase::ParseAttribute(
   }
 }
 
+const RefPtr<SecurityOrigin> HTMLFrameElementBase::GetOriginForFeaturePolicy()
+    const {
+  KURL url = GetDocument().CompleteURL(url_);
+  // Sandboxed frames and data: urls have a unique origin.
+  if (url.ProtocolIsData() || (GetSandboxFlags() & kSandboxOrigin))

[alexmos, 2017/04/11 01:17:49]

Checking data: explicitly might not actually be necessary, as
SecurityOrigin::Create should handle it when checking
ShouldTreatAsUniqueOrigin().  Please double-check - I haven't followed all the
latest plumbing.  It's probably best to leave this decision to
SecurityOrigin::Create anyway, in case other schemes with unique origins are
added later.

I also know file URLs can lead to effectively unique origins (depending on a
setting which I think is on by default - see last case in
SecurityOrigin::IsSameSchemeHostPort).  Does that matter here?  A unit test for
all these corner cases would be nice.

[alexmos, 2017/04/11 01:17:49]

nit: use IsSandboxed(kSandboxOrigin)

[iclelland, 2017/04/11 17:41:43]

I thought that was only defined on SecurityContext? I looked, but it didn't seem
useful here. (We're not operating on the actual document in the frame, just on
the way the frame is defined by the owner)

[iclelland, 2017/04/11 17:41:43]

You're right there, thanks. SecurityOrigin::Create will return a unique origin
for data: (and javascript:, and about:, and chrome-native:) schemes.
Frames at file URLs shouldn't inherit their origin from their owner; they have
their own. If that origin ends up being used in the container policy (by <iframe
allow="featurename"> in the parent), then the parent is choosing to grant access
to the feature in that frame, whether it's treated as same- or cross- origin.
Definitely. I'll add some.

[alexmos, 2017/04/13 02:09:15]

The ProtocolIsData() check still seems to be there, even though you removed it
from the comment.
Acknowledged.

[alexmos, 2017/04/13 02:09:15]

Ah, right, this is for a frame owner, not a document.  This is fine.

[iclelland, 2017/04/13 19:05:31]

Thanks for catching that. Done.

+    return SecurityOrigin::CreateUnique();
+  // Frames with about:blank and javascript: urls inherit their origin from
+  // their parent frame.
+  if (url.ProtocolIsJavaScript() || url.IsAboutBlankURL())

[alexmos, 2017/04/11 01:17:49]

Do you also need to handle the case where |url| is empty (i.e., no "src"
specified)?  

I wonder if we should call ShouldInheritSecurityOriginFromOwner instead to
maintain a central place for this decision.

Also, what about srcdoc iframes?

[iclelland, 2017/04/11 17:41:43]

That's a good idea -- it's not currently exported from DocumentLoader.cpp,
though, so maybe I should move it somewhere; it could be a static method in
Document.
We haven't specified what happens in that case -- I think that it should inherit
from the owner, unless it's also sandboxed, in which case it has a unique origin
that can't currently be referenced by FP anyway. Srcdoc frames should be handled
by ShouldInheritSecurityOriginFromOwner; I'll update to use that.

[alexmos, 2017/04/13 02:09:15]

Yes, I assumed that we'd need to export it more widely.  This looks ok to me;
I'll defer to a Blink owner on whether there's a better place to expose it.
Acknowledged.

+    return GetDocument().GetSecurityOrigin();
+  // Otherwise, return the origin of the absolute URL.
+  return SecurityOrigin::Create(url);
+}
+
 void HTMLFrameElementBase::SetNameAndOpenURL() {
   frame_name_ = GetNameAttribute();
   OpenURL();