Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make SubresourceWebBundles feature available only in Secure Context #27674

Merged
merged 1 commit into from Feb 22, 2021

Conversation

chromium-wpt-export-bot
Copy link
Collaborator

@chromium-wpt-export-bot chromium-wpt-export-bot commented Feb 18, 2021

We are developing the SubresourceWebBundles feature behind the feature
flag. This feature is enabled when
--enable-features=SubresourceWebBundles or
chrome://flags/#enable-experimental-web-platform-features is enabled
even when the page is non-Secure Context.

But according to this doc, we should make powerful new features
available only to secure origins.
https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features

So this CL makes the SubresourceWebBundles feature available only in
Secure Context by:
(1) Add [SecureContext] extended attribute to resources and scopes
attribute of HTMLLinkElement in html_link_element.idl.
(2) Check IsSecureContext() also when we check
RuntimeEnabledFeatures::SubresourceWebBundlesEnabled().

Note: this restriction doesn’t affect Origin Trial of this feature,
because Origin Trials are only enabled for secure origins.

Bug: 1082020
Change-Id: Ifa533f99f64c83015d293946084395a5af59cfba
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2703194
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Hayato Ito <hayato@chromium.org>
Cr-Commit-Position: refs/heads/master@{#856177}

Copy link
Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The review process for this patch is being conducted in the Chromium project.

@chromium-wpt-export-bot chromium-wpt-export-bot force-pushed the chromium-export-cl-2703194 branch 2 times, most recently from 8f01e7f to 4289cad Compare February 22, 2021 01:13
We are developing the SubresourceWebBundles feature behind the feature
flag. This feature is enabled when
--enable-features=SubresourceWebBundles or
chrome://flags/#enable-experimental-web-platform-features is enabled
even when the page is non-Secure Context.

But according to this doc, we should make powerful new features
available only to secure origins.
https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features

So this CL makes the SubresourceWebBundles feature available only in
Secure Context by:
 (1) Add [SecureContext] extended attribute to `resources` and `scopes`
     attribute of HTMLLinkElement in html_link_element.idl.
 (2) Check IsSecureContext() also when we check
     RuntimeEnabledFeatures::SubresourceWebBundlesEnabled().

Note: this restriction doesn’t affect Origin Trial of this feature,
because Origin Trials are only enabled for secure origins.

Bug: 1082020
Change-Id: Ifa533f99f64c83015d293946084395a5af59cfba
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2703194
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Hayato Ito <hayato@chromium.org>
Cr-Commit-Position: refs/heads/master@{#856177}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants