Add permissions patches

spec.bs

@@ -73,6 +73,8 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
         text: cross-origin isolation mode; url: bcg-cross-origin-isolation
       for: cross-origin isolation mode
         text: none; url:cross-origin-isolation-none
+    urlPrefix: document-lifecycle.html
+      text: shared document creation infrastructure; url: shared-document-creation-infrastructure
     urlPrefix: browsing-the-web.html
       text: create navigation params by fetching; url: create-navigation-params-by-fetching
       text: document state; url: she-document-state
@@ -82,6 +84,7 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
       for: navigation params
         text: response; url: navigation-params-response
         text: navigable; url: navigation-params-navigable
+        text: origin; url: navigation-params-origin
       for: history handling behavior
         text: replace; url: hh-replace
       for: document state
@@ -108,6 +111,25 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
     urlPrefix: nav-history-apis.html
       for: Window
         text: navigable; url: window-navigable
+    urlPrefix: webappapis.html
+      for: environment
+        text: target browsing context; url: concept-environment-target-browsing-context
+    urlPrefix: document-sequences.html
+      for: browsing context
+        text: active document; url: active-document
+    urlPrefix: iframe-embed-object.html
+      for: iframe
+        text: allow; url: attr-iframe-allow
+spec: fetch; urlPrefix: https://fetch.spec.whatwg.org/
+  type: dfn
+    text: queue a cross-origin embedder policy CORP violation report; url: queue-a-cross-origin-embedder-policy-corp-violation-report
+    text: main fetch; url: main-fetch
+    text: should request be blocked due to a bad port; url: block-bad-port
+spec: mixed-content; urlPrefix: https://w3c.github.io/webappsec-mixed-content/
+  type: dfn
+    text: should fetching request be blocked as mixed content; url: should-block-fetch
+spec: CSP; urlPrefix: https://w3c.github.io/webappsec-csp/
+  type: dfn
     urlPrefix: interactive-elements.html
       text: accesskey attribute command; url: using-the-accesskey-attribute-to-define-a-command-on-other-elements
       text: previously focused element; url: previously-focused-element
@@ -124,6 +146,19 @@ spec: RFC8941; urlPrefix: https://www.rfc-editor.org/rfc/rfc8941.html
     text: structured header; url: #section-1
     for: structured header
       text: token; url: name-tokens
+spec: permissions-policy; urlPrefix: https://w3c.github.io/webappsec-permissions-policy
+  type: dfn
+    text: Create a Permissions Policy for a navigable; url: algo-create-for-navigable
+    text: Create a Permissions Policy for a navigable from response; url: algo-create-from-response
+    text: Define an inherited policy for feature in container at origin; url: define-inherited-policy-in-container
+    text: features; url: policy-controlled-feature
+    text: default allowlist; url: policy-controlled-feature-default-allowlist
+    text: The allow attribute of the iframe element; url: iframe-allow-attribute
+    text: ASCII-serialized policy directive; url: serialized-policy-directive
+    text: inherited policy; url: inherited-policy
+    for: permissions
+      text: matches; url: matches
+      text: permissions policy; url: permissions-policy
 </pre>
 
 <style>
@@ -227,6 +262,7 @@ dl, dd {
  <dd>[=Global attributes=]</dd>
  <dd><code>[=width=]</code> — Horizontal dimension</dd>
  <dd><code>[=height=]</code> — Vertical dimension</dd>
+ <dd><code>[=iframe/allow=]</code> — [=permissions/permissions policy=] to be applied to the <{fencedframe}>'s contents</dd>
  <dt>[=Accessibility considerations=]:</dt>
  <dd><p class=XXX>TODO</p></dd>
  <dt>[=DOM interface=]:</dt>
@@ -239,6 +275,7 @@ interface HTMLFencedFrameElement : HTMLElement {
   [CEReactions] attribute FencedFrameConfig? config;
   [CEReactions] attribute DOMString width;
   [CEReactions] attribute DOMString height;
+  [CEReactions] attribute DOMString allow;
 };
 </xmp>
 </dd>
@@ -309,6 +346,10 @@ The <dfn attribute for=HTMLFencedFrameElement>config</dfn> IDL attribute getter
   1. <span class=XXX>TODO</span>
 </div>
 
+The IDL attribute
+<dfn attribute for="fencedframe"><code data-x="dom-fencedframe-allow">allow</code></dfn>
+</dfn> must [=reflect=] the respective content attributes of the same name.
+
 <h3 id=dimension-attributes>Dimension attributes</h3>
 
 This section details monkeypatches to [[!HTML]]'s <a
@@ -1012,8 +1053,6 @@ Note: This is because we need to ensure that we do not leak <var ignore>creator<
 document's referrer|referrer=], [=Document/origin=], [=creator base url=], [=Document/policy
 container=], across the fenced frame boundary.
 
-Issue: Ensure we are doing the right thing for [=Document/permissions policy=].
-
 <h3 id=nested-traversables>Nested traversables</h3>
 
 <h4 id=nested-traversables-intro>Introduction</h4>
@@ -1537,9 +1576,12 @@ TODO: Enable this once we move the WPTs to the external repository.
 Issue: Determine if we need to fence or unfence the [=queue a cross-origin embedder policy
 CORP violation report=] algorithm, as leaving it unfenced may cause a privacy leak.
 
+<!--
+TODO: Enable this once we move the WPTs to the external repository.
 <wpt>
   /fenced-frame/embedder-coop-coep-blocked.https.html
 </wpt>
+-->
 
 <h3 id=page-visibility>Page visibility</h3>
 
@@ -1563,3 +1605,135 @@ specification adds another value for fenced frames:
 
 : "`fencedframe`"
 :: This [=navigable=] is displaying a <{fencedframe}>'s content
+
+<h3 id=permissions-policy-changes>Permissions Policies</h3>
+Permissions are granted to fenced frames through the FencedFrameConfig object, which defines the
+required permissions for the fenced frame to load. The fenced frame is only allowed to navigate if
+all of the required permissions are present in the context loading the fenced frame. When a fenced
+frame loads, it is assumed that the permissions checks passed, and the fenced frame will load with
+the list of permissions that were specified in the config object.
+
+<div algorithm=create-permissions-policy>
+  Modify the definition of [=Create a Permissions Policy for a navigable=] to read:
+
+  Given null or an element (|container|), an
+  [=origin=] (<var ignore>origin</var>), and null or a
+  list of [=features=] (|required features|), this algorithm returns a new
+  [=Document/permissions policy=].
+
+  Rewrite step 1 of the algorithm to read:
+
+  1. Assert: if not null, |container| is either a [=navigable container=] or a
+    [=fenced navigable container=].
+
+  Add a new step after step 1 that reads:
+
+  2. Assert: if |container| is not a [=fenced navigable container=], |required features| is null.
+
+  Rewrite step 4 to read:
+
+  4. If |container| is a [=fenced navigable container=], then for each |feature| supported,
+
+      1. If |feature| exists in |required features|, set |inherited policy|[|feature|] to "`Enabled`".
+
+        Otherwise, set |inherited policy|[|feature|] to "`Disabled`".
+
+    Otherwise, for each |feature| supported,
+
+      1. Let |isInherited| be the result of running [=Define an inherited policy for feature in
+        container at origin=] on |feature|, |container| and <var ignore>origin</var>.
+
+      2. Set |inherited policy|[|feature|] to |isInherited|.
+</div>
+
+<div algorithm=allow-attribute-fenced-frame>
+  Modify the [=The allow attribute of the iframe element=] section.
+
+  Rename it to "The allow attribute of the iframe and fencedframe element".
+
+  Rewrite the section to read:
+
+  <{iframe}> and <{fencedframe}> elements have an [=iframe/allow=] attribute, which contains an
+  [=ASCII-serialized policy directive=].
+
+  The allowlist for the features named in the attribute may be empty; in that case, the default
+  value for the allowlist is "`src`", which represents the origin of the URL in the iframe’s src
+  attribute, or the fencedframe's [=fenced frame config=].
+
+  When not empty, the [=iframe/allow=] attribute will result in adding an allowlist for each
+  recognized feature to the iframe element’s content navigable's container policy or the fencedframe
+  element's [=fenced navigable container/fenced navigable=]'s container policy, when it is
+  constructed.
+</div>
+
+<div algorithm=create-permissions-policy-response>
+  Modify the definition of [=Create a Permissions Policy for a navigable from response=] to read:
+
+  Given null, a [=navigable container=], or a [=fenced navigable container=] (|container|), an
+  [=origin=] (|origin|), a [=response=] (<var ignore>response</var>), and null or a
+  list of [=features=] (|required features|), this algorithm returns a new
+  [=Document/permissions policy=].
+
+  Modify step 1 of the algorithm to read:
+  1. Let <var ignore>policy</var> be the result of running
+    [=Create a Permissions Policy for a navigable=] given |container|, |origin|, and
+    |required features|.
+</div>
+
+<div algorithm=shared-document-creation-changes>
+  Modify the [=shared document creation infrastructure=] algorithm. Rewrite step 3 to read:
+
+  3. Let <var ignore>permissionsPolicy</var> be the result of [=Create a Permissions Policy for a
+    navigable from response|creating a permissions policy from a response=] given
+    |navigationParams|'s [=navigable=]'s [=navigable container|container=], |navigationParams|'s
+    [=navigation params/origin=], |navigationParams|'s [=navigation params/response=], and
+    <span class=XXX>TODO: Populate this with the required permissions to load from the config in
+    the navigation params</span>.
+</div>
+
+<div algorithm=new-browsing-context-changes>
+  Modify the [=create a new browsing context and document=] algorithm. Rewrite step 7 to read:
+
+  7. Let <var ignore>permissionsPolicy</var> be the result of [=Create a Permissions Policy for a
+    navigable|creating a permissions policy=] given <var ignore>embedder</var>,
+    <var ignore>origin</var>, and null.
+
+  Note: This change is made in addition to the changes to [=create a new browsing context and
+  document=] outlined in [[#creating-browsing-contexts-patch]].
+</div>
+
+<div algorithm=main-fetch-patches>
+  Modify the [=main fetch=] algorithm. Modify step 19 to add a new bullet point to the algorithm
+  list:
+
+  * [=should response to request be blocked by Permissions Policy=]
+</div>
+
+<div algorithm=permissions-policy-block-request>
+  Create a new algorithm in the [[!permissions-policy]] spec, called <dfn export>should response to
+  request be blocked by Permissions Policy</dfn>.
+
+  Given a [=response=] (|response|) and a [=request=] (|request|), this algorithm returns `Blocked`
+  or `Allowed`.
+
+  1. If |request|'s [=request/destination=] is not "`fencedframe`", then return `Allowed`.
+
+  2. Let |required permissions to load| be the list of <span class=XXX>TODO: Populate this with the
+    required permissions to load from the config in the navigation params</span>.
+
+  3. Let |inherited policy| be |request|'s [=request/client=]'s
+    [=environment/target browsing context=]'s [=browsing context/active document=]'s
+    [=Document/permissions policy=]'s [=inherited policy=].
+
+  4. Let |origin| be |response|'s [=response/url=]'s [=url/origin=].
+
+  5. For each |permission| in |required permissions to load|:
+
+    1. If |permission| does not exist in |inherited policy|, and |permission|'s
+      [=default allowlist=] is not "`*`", return "`Blocked`".
+
+    2. Otherwise, if the allowlist at |inherited policy|[|permission|] does not
+      [=permissions/matches|match=] |origin|, return "`Blocked`".
+
+  6. Return "`Allowed`."
+</div>