Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

synchronously use same origin-domain in iframe check #107

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

synchronously use same origin-domain in iframe check #107

wants to merge 1 commit into from

Conversation

marcoscaceres
Copy link
Member

@marcoscaceres marcoscaceres commented May 3, 2023
edited
Loading

Closes #106

Now checks "same origin-domain" instead of the more restrictive "same origin".

This change:

  • Adds new normative requirements

Implementation commitment (delete if not making normative changes):

Person merging, please make sure that commits are squashed with one of the following as a commit message prefix:

  • chore:
  • editorial:
  • BREAKING CHANGE:
  • And use none if it's a normative change

@marcoscaceres marcoscaceres mentioned this pull request May 3, 2023
Open
@marcoscaceres
Copy link
Member Author

Updated WebKit: WebKit/WebKit#13389

I'll update the WPTests also to add a specific same origin-domain check.

@marcoscaceres marcoscaceres requested a review from diekus May 3, 2023 02:03
diekus
diekus approved these changes May 15, 2023
View reviewed changes
Copy link
Member

@diekus diekus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

diekus
diekus approved these changes May 15, 2023
View reviewed changes
Copy link
Member

@diekus diekus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

diekus
diekus approved these changes May 15, 2023
View reviewed changes
Copy link
Member

@diekus diekus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

marcoscaceres added a commit to marcoscaceres/WebKit that referenced this pull request Jun 2, 2023
@marcoscaceres
setAppBadge() should reject with SecurityError if child iframe is not…
2bd51ff 
… same origin-domain as top-origin

https://bugs.webkit.org/show_bug.cgi?id=256241
rdar://107109904

Reviewed by NOBODY (OOPS!).

Now does same origin-domain check against top-level origin.

Relevant spec change:
w3c/badging#107

* LayoutTests/imported/w3c/web-platform-tests/badging/setAppBadge_cross_origin.sub.https-expected.txt:
* Source/WebCore/page/Navigator.cpp:
(WebCore::Navigator::setAppBadge):
ghost

This comment was marked as spam.

Sign in to view

fallaciousreasoning

This comment was marked as spam.

Sign in to view

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@diekus diekus diekus approved these changes

@fallaciousreasoning fallaciousreasoning fallaciousreasoning approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Checking against top-level origin should use same origin-domain
3 participants
@marcoscaceres @fallaciousreasoning @diekus