Changeset 224062 in webkit


Ignore:
Timestamp:
Oct 26, 2017 4:28:31 PM (6 years ago)
Author:
keith_miller@apple.com
Message:

[Payment Request] Restrict API use to secure, same-origin frames
https://bugs.webkit.org/show_bug.cgi?id=178887

Patch by Andy Estes <aestes@apple.com> on 2017-10-26
Reviewed by Tim Horton.

Reuse the access checks from Apple Pay to restrict PaymentRequest API usage to secure frames
in the same origin as the main frame.

Progresses active-document-cross-origin.https.sub.html and
active-document-same-origin.https.html from web-platform-tests. Regresses basic.https.html
since the allowpaymentrequest <iframe> attribute is not yet implemented.

  • Modules/applepay/ApplePaySession.cpp:

(WebCore::ApplePaySession::create):
(WebCore::ApplePaySession::supportsVersion):
(WebCore::ApplePaySession::canMakePayments):
(WebCore::ApplePaySession::canMakePaymentsWithActiveCard):
(WebCore::ApplePaySession::openPaymentSetup):
(WebCore::isSecure): Deleted.
(WebCore::canCallApplePaySessionAPIs): Deleted.

  • Modules/applepay/PaymentSession.cpp: Added.

(WebCore::isSecure):
(WebCore::PaymentSession::canCreateSession):

  • Modules/applepay/PaymentSession.h:
  • Modules/paymentrequest/PaymentHandler.cpp:

(WebCore::PaymentHandler::canCreateSession):

  • Modules/paymentrequest/PaymentHandler.h:
  • Modules/paymentrequest/PaymentRequest.cpp:

(WebCore::PaymentRequest::create):

  • WebCore.xcodeproj/project.pbxproj:
Location:
trunk/Source/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r224061 r224062  
    7676        * platform/mac/MediaRemoteSoftLink.cpp: Softlink kMRMediaRemoteNowPlayingInfoUniqueIdentifier.
    7777        * platform/mac/MediaRemoteSoftLink.h:
     78
     792017-10-26  Keith Miller  <keith_miller@apple.com>
     80
     81        Unreviewed, add deprecated declarations pragma to fix macosx.
     82
     83        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
    7884
    79852017-10-26  Keith Miller  <keith_miller@apple.com>

  • trunk/Source/WebCore/platform/graphics/mac/MediaPlayerPrivateQTKit.mm

    r222898 r224062  
    4545#import <wtf/NeverDestroyed.h>
    4646#import <wtf/SoftLinking.h>
     47
     48#pragma clang diagnostic push
     49#pragma clang diagnostic ignored "-Wdeprecated-declarations"
    4750
    4851SOFT_LINK_FRAMEWORK(QTKit)
     
    17201723@end
    17211724
     1725#pragma clang diagnostic pop // deprecated-declarations
     1726
    17221727#endif
Note: See TracChangeset for help on using the changeset viewer.