Fix #364: Integrate EME with Feature Policy #432
Conversation
This adds a section defining the feature name and default allowlist, as well as integration with the requestMediaKeySystemAccess algorithm.
|
@clelland we still need to fix the "allowed to use" monkey-patch to make it take a policy-controlled feature. Is that something you could do? @ddorwin ptal - I'm sure I've violated some style conventions but help would be appreciated in how to do things right - I'm not very experienced with this stuff! I'm also in the process of getting a W3C account linked... |
| @@ -657,9 +669,10 @@ | |||
|
|
|||
| <ol class="method-algorithm"> | |||
| <!-- TODO: Convert all parameters to use <code>. --> | |||
| <li><p>Let <var>document</var> be the calling context's <a def-id="document-concept"></a>.</p></li> | |||
| <li><p>If <var>document</var> is not <a data-cite="!HTML#allowed-to-use">allowed to use</a> the <a data-cite="!FEATURE-POLICY#policy-controlled-feature">policy-controlled feature</a> named <a>encrypted-media</a>, return a promise rejected with a newly created <a def-id="NotSupportedError"></a>.</p></li> | |||
There was a problem hiding this comment.
This could be a SecurityError as recommended in https://github.com/WICG/feature-policy/blob/gh-pages/integration.md. I actually think SecurityError is more appropriate but there may be backward compatibility concerns.
There was a problem hiding this comment.
I think that's probably fine. NotSupportedError is an expected result that needs to be handled, but nothing is going to work in this case anyway.
@xhwang-chromium, we'll need to update Chromium if this changes (along with the actual algorithm steps).
There was a problem hiding this comment.
Sorry just to clarify: which do you prefer - NotSupportedError or SecurityError?
There was a problem hiding this comment.
I am fine with SecurityError if that is what other specs are using.
There was a problem hiding this comment.
web-platform-tests/wpt#7889 assumes SecurityError.
There was a problem hiding this comment.
|
@ddorwin ping :) |
ddorwin
changed the title
There was a problem hiding this comment.
Thank you. Looks good overall. We'll also need to update index.html before landing.
I updated the PR title to refer to the issue. You'll need to make sure the eventual commit message matches that (or I can do the merge).
On the process side, EME is now a Recommendation, so it's not clear how we should handle such post-REC changes in the repo. This is not really a new feature, simply patches the algorithm to align with another spec, and further enhances the user security and privacy mitigations in this spec, but it is observable. /cc @plehegar
| @@ -657,9 +669,10 @@ | |||
|
|
|||
| <ol class="method-algorithm"> | |||
| <!-- TODO: Convert all parameters to use <code>. --> | |||
| <li><p>Let <var>document</var> be the calling context's <a def-id="document-concept"></a>.</p></li> | |||
| <li><p>If <var>document</var> is not <a data-cite="!HTML#allowed-to-use">allowed to use</a> the <a data-cite="!FEATURE-POLICY#policy-controlled-feature">policy-controlled feature</a> named <a>encrypted-media</a>, return a promise rejected with a newly created <a def-id="NotSupportedError"></a>.</p></li> | |||
There was a problem hiding this comment.
I think that's probably fine. NotSupportedError is an expected result that needs to be handled, but nothing is going to work in this case anyway.
@xhwang-chromium, we'll need to update Chromium if this changes (along with the actual algorithm steps).
encrypted-media-respec.html
Outdated
| @@ -620,6 +620,18 @@ | |||
| </dl> | |||
| </section> | |||
|
|
|||
| <section> | |||
There was a problem hiding this comment.
This appears to be a new top-level section, which seems a bit odd. Also, it is specific to a single method, which is defined in the next top-level section. Should it be part of that? How do other APIs handle this?
There was a problem hiding this comment.
I wasn't sure where to put it some I'm open to suggestions. I don't think there is any standard place right now but @clelland may have thoughts. I'll move it to the next section.
|
Thanks - please let me know how to update index.html. I'm happy for you to do the merge if it's easier. |
|
See https://github.com/w3c/encrypted-media/blob/master/TEAM.md#updating-indexhtml for how to update index.html. |
This changes the type of error returned to be a SecurityError, as discussed in w3c/encrypted-media#432 (review). This also makes 3 other small changes: 1) The deprecation warning is only shown when the feature is not enabled. 2) A separate console message is logged when a request has been rejected due to a Feature Policy in effect. 3) A UseCounter also counts the number of times that a request is rejected due to Feature Policy. Bug: 689802 Change-Id: Ic067fea9df858ba5390f74073e67a350043fe8ce
This changes the type of error returned to be a SecurityError, as discussed in w3c/encrypted-media#432 (review). This also makes 3 other small changes: 1) The deprecation warning is only shown when the feature is not enabled. 2) A separate console message is logged when a request has been rejected due to a Feature Policy in effect. 3) A UseCounter also counts the number of times that a request is rejected due to Feature Policy. Bug: 689802 Change-Id: Ic067fea9df858ba5390f74073e67a350043fe8ce
This changes the type of error returned to be a SecurityError, as discussed in w3c/encrypted-media#432 (review). This also makes 3 other small changes: 1) The deprecation warning is only shown when the feature is not enabled. 2) A separate console message is logged when a request has been rejected due to a Feature Policy in effect. 3) A UseCounter also counts the number of times that a request is rejected due to Feature Policy. Bug: 689802 Change-Id: Ic067fea9df858ba5390f74073e67a350043fe8ce
This changes the type of error returned to be a SecurityError, as discussed in w3c/encrypted-media#432 (review). This also makes 3 other small changes: 1) The deprecation warning is only shown when the feature is not enabled. 2) A separate console message is logged when a request has been rejected due to a Feature Policy in effect. 3) A UseCounter also counts the number of times that a request is rejected due to Feature Policy. Bug: 689802 Change-Id: Ic067fea9df858ba5390f74073e67a350043fe8ce
This changes the type of error returned to be a SecurityError, as discussed in w3c/encrypted-media#432 (review). This also makes 3 other small changes: 1) The deprecation warning is only shown when the feature is not enabled. 2) A separate console message is logged when a request has been rejected due to a Feature Policy in effect. 3) A UseCounter also counts the number of times that a request is rejected due to Feature Policy. Bug: 689802 Change-Id: Ic067fea9df858ba5390f74073e67a350043fe8ce
|
Updated index.html. Note that it changed massively. I'm not sure if I did something wrong or if it is a new version of respec or something. But it changed just as much when I produced a snapshot from top-of-tree. Let me know if I'm missing something! |
This changes the type of error returned to be a SecurityError, as discussed in w3c/encrypted-media#432 (review). This also makes 3 other small changes: 1) The deprecation warning is only shown when the feature is not enabled. 2) A separate console message is logged when a request has been rejected due to a Feature Policy in effect. 3) A UseCounter also counts the number of times that a request is rejected due to Feature Policy. Bug: 689802 Change-Id: Ic067fea9df858ba5390f74073e67a350043fe8ce Reviewed-on: https://chromium-review.googlesource.com/727319 Reviewed-by: Timothy Loh <timloh@chromium.org> Reviewed-by: Xiaohan Wang <xhwang@chromium.org> Reviewed-by: David Dorwin <ddorwin@chromium.org> Commit-Queue: Raymes Khoury <raymes@chromium.org> Cr-Commit-Position: refs/heads/master@{#511051}
This changes the type of error returned to be a SecurityError, as discussed in w3c/encrypted-media#432 (review). This also makes 3 other small changes: 1) The deprecation warning is only shown when the feature is not enabled. 2) A separate console message is logged when a request has been rejected due to a Feature Policy in effect. 3) A UseCounter also counts the number of times that a request is rejected due to Feature Policy. Bug: 689802 Change-Id: Ic067fea9df858ba5390f74073e67a350043fe8ce Reviewed-on: https://chromium-review.googlesource.com/727319 Reviewed-by: Timothy Loh <timloh@chromium.org> Reviewed-by: Xiaohan Wang <xhwang@chromium.org> Reviewed-by: David Dorwin <ddorwin@chromium.org> Commit-Queue: Raymes Khoury <raymes@chromium.org> Cr-Commit-Position: refs/heads/master@{#511051}
|
(to answer David's question) |
|
Feature Policy is still being developed so isn't yet suitable as a normative reference in a W3C Recommendation, so we wouldn't be able to push a new Edited Recommendation with it. |
|
Friendly bump, other W3C recommendations such as https://www.w3.org/TR/payment-request/#feature-policy are now integrating this. |
|
Any objections to my merging this now (with an update to index.html)? |
|
It looks like there is an open question of NotSupportedError vs SecurityError in the inline comments. |
The latest from that discussion was you saying you were fine with SecurityError and foolip saying that WPT expects it. So I assumed that was settled. |
|
JFYI, the "as defined by" part was being rejected by respec as it couldn't resolve the reference to "Feature Policy". I couldn't figure out the syntax to fix it, but I realized it was redundant, since the sentence already links to the definition in the Feature Policy spec. So with that removed and index.html regenerated, this merges cleanly. I'll leave this open for another day to see if anybody has further comment. If not, I'll merge it. If I merge it and someone comes along later and says I missed something, we'll fix it. Thanks! |
There was a problem hiding this comment.
It looks like there is an open question of NotSupportedError vs SecurityError in the inline comments.
The latest from that discussion was you saying you were fine with SecurityError and foolip saying that WPT expects it. So I assumed that was settled.
I had had hoped for a confirmation of "that is what other specs are using" and read the WPT comment as more of an observation than authoritative. :) That said, SecurityError appears to be the recommendation from the integration doc, so SGTM.
| @@ -657,9 +669,10 @@ | |||
|
|
|||
| <ol class="method-algorithm"> | |||
| <!-- TODO: Convert all parameters to use <code>. --> | |||
| <li><p>Let <var>document</var> be the calling context's <a def-id="document-concept"></a>.</p></li> | |||
| <li><p>If <var>document</var> is not <a data-cite="!HTML#allowed-to-use">allowed to use</a> the <a data-cite="!FEATURE-POLICY#policy-controlled-feature">policy-controlled feature</a> named <a>encrypted-media</a>, return a promise rejected with a newly created <a def-id="NotSupportedError"></a>.</p></li> | |||
There was a problem hiding this comment.
Thanks! I've updated my local copy to reflect all of this, including the switch to SecurityError. |
|
Since my local diff against master is fairly small and easy to verify against the latest referencing guidelines, I'll go ahead and merge it now. I'd be happy to follow-up on any changes I missed, or review another PR if someone wants to make additional changes for this. Thank you @raymeskhoury for your contribution! |
This adds a section defining the feature name and default allowlist, as well as integration with the requestMediaKeySystemAccess algorithm.
Preview | Diff