-
Peter Beverloo authored
Requesting notification permission could previously happen from any context, which included cross-origin iframes and insecure origins. Starting with Chrome 62 we're restricting this to top-level secure contexts and same-origin secure iframes. Usage will continue to be allowed in any iframe once permission has been granted from one of these contexts. Origins could easily work around such a restriction by posting a message to their Service Worker, so it doesn't make sense to impose it. This change is covered by the following intents: Insecure origin usage of Notifications: https://groups.google.com/a/chromium.org/d/topic/blink-dev/IVgkxkRNtMo/discussion Requesting notification permission from iframes: https://groups.google.com/a/chromium.org/d/topic/blink-dev/n37ij1E_1aY/discussion TBR=raymes for permission_context_base_feature_policy_unittest.cc BUG=695693 Change-Id: I76769971609a483e2c40e5e7775b1e159a2cc96d Reviewed-on: https://chromium-review.googlesource.com/613901 Commit-Queue: Peter Beverloo <peter@chromium.org> Reviewed-by: Bernhard Bauer <bauerb@chromium.org> Reviewed-by: John Mellor <johnme@chromium.org> Reviewed-by: Rick Byers <rbyers@chromium.org> Cr-Commit-Position: refs/heads/master@{#497674}
3ea904e3