Commit

Merge pull request #13 from w3c/issue-10-secure-top-level
Allow use in same-origin children, add Feature Policy integration
anssiko committed Sep 24, 2019
2 parents ce5317b + 6d2ce77 commit 5a628d9
Showing 1 changed file with 90 additions and 16 deletions.
106 changes: 90 additions & 16 deletions index.html
Expand Up @@ -147,16 +147,14 @@ <h2>
"https://html.spec.whatwg.org/multipage/webappapis.html#eventhandler"><dfn><code>
EventHandler</code></dfn></a>
</li>
<li>
<a href=
"https://dom.spec.whatwg.org/#eventtarget"><dfn><code>
EventTarget</code></dfn></a>
</li>
<li>
<dfn><a href=
"https://html.spec.whatwg.org/multipage/webappapis.html#queue-a-task">queue a
task</a></dfn>
</li>
<li>
<code><dfn data-cite="DOM#eventtarget">EventTarget</dfn></code>
</li>
<li>
<dfn><a href=
"https://dom.spec.whatwg.org/#concept-event-fire">fires
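Review bot: The relocated EventTarget entry is written as a code element wrapping dfn data-cite="DOM#eventtarget", unlike the EventHandler and "queue a task" entries next to it, which keep a hand-written href with dfn wrapping code. Use one form for the whole list, either by keeping the href form here or by converting the neighbours to data-cite in the same change, so that nesting order and link source stay uniform.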
Expand All @@ -177,6 +175,21 @@ <h2>
"https://html.spec.whatwg.org/multipage/browsers.html#browsing-context">browsing
context</a></dfn>
</li>
<li>
<dfn><a href=
"https://html.spec.whatwg.org/#concept-relevant-global">relevant
global object</a></dfn>
</li>
<li>
<dfn><a href=
"https://html.spec.whatwg.org/#relevant-settings-object">relevant
settings object</a></dfn>
</li>
<li>
<dfn><a href=
"https://html.spec.whatwg.org/#current-settings-object">current
settings object</a></dfn>
</li>
<li>
<dfn><a href=
"https://html.spec.whatwg.org/multipage/browsers.html#top-level-browsing-context">
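Review bot: The three added hrefs (relevant global object, relevant settings object, current settings object) use the html.spec.whatwg.org/#... form, while the browsing context and top-level browsing context entries around them use multipage/browsers.html#.... Settle on one URL form for the list. The top-level browsing context entry kept here as context also deserves a check: the getBattery() step that linked it is deleted later in this commit, so the definition may no longer be referenced.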
Expand All @@ -187,6 +200,11 @@ <h2>
"https://html.spec.whatwg.org/multipage/webappapis.html#incumbent-settings-object">
incumbent settings object</a></dfn>
</li>
<li>
<dfn><a href=
"https://html.spec.whatwg.org/#concept-document-window">associated
<code>Document</code></a></dfn>
</li>
<li>
<a href=
"https://tc39.github.io/ecma262/#sec-promise-objects"><dfn>Promise</dfn></a>
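Review bot: The incumbent settings object definition stays in the list (context lines just above the new entry), but the getBattery() step that used it is replaced later in this commit by one based on the relevant settings object. If nothing else in the document links it, remove the entry in the same change so the terminology list matches the algorithm.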
Expand All @@ -199,6 +217,10 @@ <h2>
<a href=
"https://heycam.github.io/webidl/#securityerror"><dfn><code>SecurityError</code></dfn></a>
</li>
<li>
<a href=
"https://heycam.github.io/webidl/#notallowederror"><dfn><code>NotAllowedError</code></dfn></a>
</li>
<li>
<a href=
"https://heycam.github.io/webidl/#idl-DOMException"><dfn><code>DOMException</code></dfn></a>
Expand All @@ -208,6 +230,37 @@ <h2>
"https://www.w3.org/TR/secure-contexts/#secure-context"><dfn>secure
context</dfn></a>
</li>
<li>
<a href="https://html.spec.whatwg.org/#active-document"><dfn>active
document</dfn></a>
</li>
<li>
<a href=
"https://html.spec.whatwg.org/#concept-origin"><dfn>origin</dfn></a>
</li>
<li>
<a href="https://html.spec.whatwg.org/#same-origin-domain"><dfn>same
origin-domain</dfn></a>
</li>
<li>
<a href="https://html.spec.whatwg.org/#allowed-to-use"><dfn>allowed
to use</dfn></a>
</li>
<li>
<a href=
"https://wicg.github.io/feature-policy/#policy-controlled-feature"><dfn>
policy-controlled feature</dfn></a>
</li>
<li>
<a href=
"https://wicg.github.io/feature-policy/#feature-name"><dfn>feature
name</dfn></a>
</li>
<li>
<a href=
"https://wicg.github.io/feature-policy/#default-allowlist"><dfn>default
allowlist</dfn></a>
</li>
</ul>
</section>
<section class="informative">
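Review bot: "feature name" and "default allowlist" are defined in this hunk but are not linked from any line this commit adds: the new Feature Policy integration paragraph writes "default allowlist" as plain text and describes the feature as identified by the string "battery" without linking "feature name". Link both terms from that paragraph or drop the unused entries. Note also that active document, origin and same origin-domain are referenced only from the informative note under step 2.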
Expand Down Expand Up @@ -259,17 +312,26 @@ <h2>
the following steps:
</p>
<ol>
<li>If the <a>incumbent settings object</a> is not a <a>secure
context</a>, then reject this <a>Navigator</a> object's <a>battery
promise</a> with a "<a>SecurityError</a>" <a>DOMException</a>, return
this <a>Navigator</a> object's <a>battery promise</a> and abort these
steps.
</li>
<li>If the <a>browsing context</a> is not a <a>top-level browsing
context</a>, then reject this <a>Navigator</a> object's <a>battery
promise</a> with a "<a>SecurityError</a>" <a>DOMException</a>, return
this <a>Navigator</a> object's <a>battery promise</a> and abort these
steps.
<li>If the <a>relevant settings object</a> of this <a>Navigator</a>
object is not a <a>secure context</a>, then reject this
<a>Navigator</a> object's <a>battery promise</a> with a
"<a>SecurityError</a>" <a>DOMException</a>, return this
<a>Navigator</a> object's <a>battery promise</a> and abort these steps.
</li>
<li>If this <a>Navigator</a> object's <a>relevant global object</a>'s
<a>associated <code>Document</code></a> is not <a>allowed to use</a>
the <code>battery</code> feature, then reject this <a>Navigator</a>
object's <a>battery promise</a> with a "<a>NotAllowedError</a>"
<a>DOMException</a>, return this <a>Navigator</a> object's <a>battery
promise</a> and abort these steps.
<div class="note">
In other words, this step rejects if the <a>associated
<code>Document</code></a>'s <a>browsing context</a>'s <a>active
document</a>'s <a>origin</a> is not <a>same origin-domain</a> with
the <a>origin</a> of the <a>current settings object</a> of this
<a>Navigator</a> object, unless specifically allowed by the
document's feature policy.
</div>
</li>
<li>If this <a>Navigator</a> object's <a>battery promise</a> is not
<code>null</code>, return this <a>Navigator</a> object's <a>battery
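Review bot: In the note under the new step 2, "the current settings object of this Navigator object" does not match step 1, which uses the relevant settings object of this Navigator object; the current settings object is not tied to a particular object, so the note should say relevant settings object as well. The note also restates "allowed to use" as a same origin-domain comparison, which holds only for the default allowlist; opening it with "With the default allowlist, ..." would keep readers from taking it as a second, stricter condition.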
Expand Down Expand Up @@ -486,6 +548,18 @@ <h2>
</table>
</section>
</section>
<section>
<h2>
Feature Policy integration
</h2>
<p data-link-for="Navigator">
The Battery Status API is a <a>policy-controlled feature</a> identified
by the string "<code>battery</code>". It's default allowlist is
<code>'self'</code>. When disabled in a document, the
<code><a>getBattery</a>()</code> method MUST return a <a>promise</a>
which rejects with a "<a>SecurityError</a>" <a>DOMException</a>.
</p>
</section>
<section class="informative">
<h2>
Examples
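Review bot: The MUST in the new paragraph rejects with "SecurityError", but step 2 of the getBattery() algorithm added earlier in this commit rejects with "NotAllowedError" when the document is not allowed to use the feature. Both statements cover the same condition, so they conflict; change this paragraph to "NotAllowedError" or have it refer to the algorithm step instead of restating the outcome. In the same paragraph, "It's default allowlist" should read "Its <a>default allowlist</a>", which also links the definition added above.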