Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(46)

Unified Diff: content/browser/frame_host/frame_tree_node.h

Issue 2797813002: Replicate feature policy container policies. (Closed)
Patch Set: Addressing review comments Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/browser/frame_host/frame_tree.cc ('k') | content/browser/frame_host/frame_tree_node.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/frame_host/frame_tree_node.h
diff --git a/content/browser/frame_host/frame_tree_node.h b/content/browser/frame_host/frame_tree_node.h
index db332daed3c24c2608206e8a470473eba65a6f03..b42347326f9ac38b0bd384c2a292e56b1abf4f12 100644
--- a/content/browser/frame_host/frame_tree_node.h
+++ b/content/browser/frame_host/frame_tree_node.h
@@ -11,6 +11,7 @@
#include <string>
#include <vector>
+#include "base/gtest_prod_util.h"
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "content/browser/frame_host/frame_tree_node_blame_context.h"
@@ -206,9 +207,29 @@ class CONTENT_EXPORT FrameTreeNode {
// sandboxed, the parent's sandbox flags are combined with |sandbox_flags|.
void SetPendingSandboxFlags(blink::WebSandboxFlags sandbox_flags);
- // Set any pending sandbox flags as active, and return true if the sandbox
- // flags were changed.
- bool CommitPendingSandboxFlags();
+ // Returns the currently active container policy for this frame, which is set
+ // by the iframe allowfullscreen, allowpaymentrequest, and allow attributes,
+ // along with the origin of the iframe's src attribute (which may be different
+ // from the URL of the document currently loaded into the frame). This does
+ // not include policy changes that have been made by updating the containing
+ // iframe element attributes since the frame was last navigated.
+ const ParsedFeaturePolicyHeader& effective_container_policy() const {
+ return replication_state_.container_policy;
+ }
+
+ // Update this frame's container policy. This is used when a parent frame
+ // updates feature-policy attributes in the <iframe> element for this frame.
+ // These attributes include allow, allowfullscreen, allowpaymentrequest, and
+ // src. Updates to the container policy will not take effect until next
+ // navigation.
+ // This method must only be called on a subframe; changing the container
+ // policy on the main frame is not allowed.
+ void SetPendingContainerPolicy(
+ const ParsedFeaturePolicyHeader& container_policy);
+
+ // Set any pending sandbox flags and container policy as active, and return
+ // true if either was changed.
+ bool CommitPendingFramePolicy();
const FrameOwnerProperties& frame_owner_properties() {
return frame_owner_properties_;
@@ -314,6 +335,11 @@ class CONTENT_EXPORT FrameTreeNode {
void OnSetHasReceivedUserGesture();
private:
+ FRIEND_TEST_ALL_PREFIXES(SitePerProcessFeaturePolicyBrowserTest,
+ ContainerPolicyDynamic);
+ FRIEND_TEST_ALL_PREFIXES(SitePerProcessFeaturePolicyBrowserTest,
+ ContainerPolicySandboxDynamic);
+
class OpenerDestroyedObserver;
FrameTreeNode* GetSibling(int relative_offset) const;
@@ -379,6 +405,12 @@ class CONTENT_EXPORT FrameTreeNode {
// navigation.
blink::WebSandboxFlags pending_sandbox_flags_;
+ // Tracks the computed container policy for this frame. When the iframe
+ // allowfullscreen, allowpaymentrequest, allow or src attributes are changed,
+ // the updated policy for the frame is stored here, and transferred into
+ // replication_state_.container_policy on the next frame navigation.
+ ParsedFeaturePolicyHeader pending_container_policy_;
+
// Tracks the scrolling and margin properties for this frame. These
// properties affect the child renderer but are stored on its parent's
// frame element. When this frame's parent dynamically updates these
« no previous file with comments | « content/browser/frame_host/frame_tree.cc ('k') | content/browser/frame_host/frame_tree_node.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698