[DISCARDED] Always fetch origin policies from /.well-known/origin-policy #21739
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wpt-pr-bot
approved these changes
Feb 11, 2020
chromium-wpt-export-bot
force-pushed
the
chromium-export-cl-2020488
branch
23 times, most recently
from
959441b to
eab2495
Compare
chromium-wpt-export-bot
force-pushed
the
chromium-export-cl-2020488
branch
3 times, most recently
from
d74a58f to
32beb69
Compare
KyleJu
force-pushed
the
chromium-export-cl-2020488
branch
2 times, most recently
from
a89cbbf to
bd94816
Compare
chromium-wpt-export-bot
force-pushed
the
chromium-export-cl-2020488
branch
4 times, most recently
from
7886e18 to
275a2a5
Compare
This is the first step at implementing the new fetching semantics from the updated origin policy specification. It also deletes some parts that are no longer in the spec and would have needed updating anyway. In particular, this removes: * The distinction between default origin policies and versioned origin policies, and along with it, the "latest version map". This removes, for now, the application of origin policies to pages without an Origin-Policy header; that will be added back as part of the caching work in crbug.com/1042040. * Redirect-handling logic for default policies. Redirects are now always an error. * Parsing of the response header from the server. We currently just check for its presence, and will do parsing according to the new spec as part of crbug.com/1042036. * Sending Sec-Origin-Policy: 0 on the request. We may add this back later, but it is still under discussion: WICG/origin-policy#51 * A good amount of C++ "unit tests" that were rather integration test-ey, and would have had to be rewritten anyway. Instead they are replaced with web platform test integration tests. * A thorough web platform test of the origin policy installation/deletion cycle, which would have had to be rewritten, and then rewritten again once we tackle crbug.com/1042049. We'll want to refer to it in version history once those foundations are stable. * Reporting, for now. We need to first spec this and then add it back. See WICG/origin-policy#62. Additionally, although we removed all parsing of the response header, we changed the code to look for the presence of Origin-Policy instead of Sec-Origin-Policy per the latest spec. Apart from removals, this CL's biggest changes are to the web platform tests. This implements the plan discussed at #20773 and web-platform-tests/rfcs#44 which allows us to serve different origin policies per subdomain. The test origin policies also now contain "id" members, but those are not used or tested for now; that will occur in https://crbug.com/1042036. Bug: 1042034 Change-Id: I4674fe2cfbc1f3e174c76415d86a487e750cdb0d
chromium-wpt-export-bot
force-pushed
the
chromium-export-cl-2020488
branch
from
275a2a5 to
bf518de
Compare
This was referenced Feb 18, 2020
Hexcles
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the first step at implementing the new fetching semantics from the updated origin policy specification. It also deletes some parts that are no longer in the spec and would have needed updating anyway.
In particular, this removes:
The distinction between default origin policies and versioned origin policies, and along with it, the "latest version map". This removes, for now, the application of origin policies to pages without an Origin-Policy header; that will be added back as part of the caching work in crbug.com/1042040.
Redirect-handling logic for default policies. Redirects are now always an error.
Parsing of the response header from the server. We currently just check for its presence, and will do parsing according to the new spec as part of crbug.com/1042036.
Sending Sec-Origin-Policy: 0 on the request. We may add this back later, but it is still under discussion: How do sites serve origin policies selectively? WICG/origin-policy#51
A good amount of C++ "unit tests" that were rather integration test-ey, and would have had to be rewritten anyway. Instead they are replaced with web platform test integration tests.
A thorough web platform test of the origin policy installation/deletion cycle, which would have had to be rewritten, and then rewritten again once we tackle crbug.com/1042049. We'll want to refer to it in version history once those foundations are stable.
Reporting, for now. We need to first spec this and then add it back. See Define report-to WICG/origin-policy#62.
Additionally, although we removed all parsing of the response header, we changed the code to look for the presence of Origin-Policy instead of Sec-Origin-Policy per the latest spec.
Apart from removals, this CL's biggest changes are to the web platform tests. This implements the plan discussed at #20773 and web-platform-tests/rfcs#44 which allows us to serve different origin policies per subdomain. The test origin policies also now contain "id" members, but those are not used or tested for now; that will occur in https://crbug.com/1042036.
Bug: 1042034
Reviewed-on: https://chromium-review.googlesource.com/2020488
WPT-Export-Revision: 715e514aa9e0ce41145490ea1ea4653db156b943