With permission delegation enabled don't allow secondary patterns to be non-wildcard |
||
Issue descriptionCurrently in boths the prefs system and extensions system for types that don't support embedded patterns we allow both: (x, x) and (x, *) That is, either the primary and secondary pattern are equal or the secondary pattern is *. In the case of prefs this is to support settings that are of the scoping type REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE. These will set (x, x) types. These should be migrated to (x, *) once REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE is removed and replaced by SINGLE_ORIGIN_ONLY_SCOPE scope. In the case of extensions, we currently support both the above being set, even though the secondary pattern isn't used. We could disallow (x, x) but this might break more existing users. Eventually we should only support (x, *) though.
,
Sep 6
Correct. However, that's only the case for some settings. For example JavaScript and Cookies will still use both the primary and secondary pattern. So it's hard to remove the secondary pattern entirely.
,
Nov 12
|
||
►
Sign in to add a comment |
||
Comment 1 by rdevlin....@chromium.org
, Sep 5