// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef THIRD_PARTY_BLINK_PUBLIC_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_H_
#define THIRD_PARTY_BLINK_PUBLIC_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_H_

#include <map>
#include <optional>
#include <vector>

#include "base/memory/raw_ref.h"
#include "services/network/public/mojom/web_sandbox_flags.mojom-shared.h"
#include "third_party/blink/public/common/common_export.h"
#include "third_party/blink/public/common/permissions_policy/origin_with_possible_wildcards.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_features.h"
#include "third_party/blink/public/mojom/fenced_frame/fenced_frame.mojom-shared.h"
#include "third_party/blink/public/mojom/permissions_policy/permissions_policy.mojom-forward.h"
#include "third_party/blink/public/mojom/permissions_policy/permissions_policy_feature.mojom-forward.h"
#include "url/origin.h"

// Forward declarations only. network::ResourceRequest (a struct) and
// blink::ResourceRequest (a class) are two distinct types that share a name.
namespace network {
struct ResourceRequest;
}  // namespace network

namespace blink {

class ResourceRequest;

// Permissions Policy is a mechanism for controlling the availability of web
// platform features in a frame, including all embedded frames. It can be used
// to remove features, automatically refuse API permission requests, or modify
// the behaviour of features. (The specific changes which are made depend on the
// feature; see the specification for details).
//
// Policies can be declared by the document itself, with the
// |Permissions-Policy| HTTP header, or can be set by the embedder, with the
// |allow| attribute on the iframe element which embeds the document.
//
// See https://w3c.github.io/webappsec-permissions-policy/
//
// Key concepts:
//
// Features
// --------
// Features which can be controlled by policy are defined by instances of enum
// mojom::PermissionsPolicyFeature, declared in |permissions_policy.mojom|.
//
// Allowlists
// ----------
// Allowlists are collections of origins, although several special terms can be
// used when declaring them:
//   "none" indicates that no origins should be included in the allowlist.
//   "self" refers to the origin of the frame which is declaring the policy.
//   "src" refers to the origin specified by the attributes of the iframe
//     element which embeds the document. This incorporates the src, srcdoc, and
//     sandbox attributes.
//   "*" refers to all origins; any origin will match an allowlist which
//     contains it. It is therefore the broadest grant an allowlist can express.
//
// Declarations
// ------------
// A permissions policy declaration is a mapping of a feature name to an
// allowlist. A set of declarations is a declared policy.
//
// Inherited Policy
// ----------------
// In addition to the declared policy (which may be empty), every frame has
// an inherited policy, which is determined by the context in which it is
// embedded, or by the defaults for each feature in the case of the top-level
// document.
//
// Container Policy
// ----------------
// A declared policy can be set on a specific frame by the embedding page using
// the iframe "allow" attribute, or through attributes such as "allowfullscreen"
// or "allowpaymentrequest". This is the container policy for the embedded
// frame. Note that it is chosen by the embedding page, not by the embedded
// document.
//
// Defaults
// --------
// Each defined feature has a default policy, which determines whether the
// feature is available when no policy has been declared, and determines how the
// feature is inherited across origin boundaries.
//
// If the default policy is in effect for a frame, then it controls how the
// feature is inherited by any cross-origin iframes embedded by the frame. (See
// the comments in |PermissionsPolicyFeatureDefault| in
// permissions_policy_features.h for specifics.)
//
// Policy Inheritance
// ------------------
// Policies in effect for a frame are inherited by any child frames it embeds.
// Unless another policy is declared in the child, all same-origin children will
// receive the same set of enabled features as the parent frame. Whether or not
// features are inherited by cross-origin iframes without an explicit policy is
// determined by the feature's default policy. (Again, see the comments in
// |PermissionsPolicyFeatureDefault| in permissions_policy_features.h for
// details.)
//
// NOTE(review): the member declarations of this class are not shown in this
// listing, so the model described above is the only contract visible here.
class BLINK_COMMON_EXPORT PermissionsPolicy { … };

}  // namespace blink

#endif  // THIRD_PARTY_BLINK_PUBLIC_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_H_