
Issue 880684


Issue metadata

Status: Assigned
OS: Linux, Android, Windows, Chrome, Mac
Pri: 3
Type: Bug
Team-Security-UX




With permission delegation enabled don't allow secondary patterns to be non-wildcard

Project Member Reported by raymes@chromium.org, Sep 5

Issue description

Currently in both the prefs system and extensions system for types that don't support embedded patterns we allow both:
(x, x) and
(x, *)

That is, either the primary and secondary pattern are equal or the secondary pattern is *.

In the case of prefs this is to support settings that are of the scoping type REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE. These will set (x, x) types. These should be migrated to (x, *) once REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE is removed and replaced by SINGLE_ORIGIN_ONLY_SCOPE scope.

In the case of extensions, we currently support both the above being set, even though the secondary pattern isn't used. We could disallow (x, x) but this might break more existing users. Eventually we should only support (x, *) though.
 
To clarify: the secondary patterns don't actually affect anything here, right? i.e., an extension passing (x), (x, x), and (x, *) are all functionally equivalent?

If so, could we remove the secondary patterns from the extensions system and prefs, and just have the ContentSettings set function implementation allow, but ignore, the secondary pattern passed? That way, we clean up (most of) the unnecessary code, but don't break existing calls.

Correct. However, that's only the case for some settings. For example JavaScript and Cookies will still use both the primary and secondary pattern. So it's hard to remove the secondary pattern entirely.
Components: -Internals>Permissions Internals>Permissions>Model
