Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-02 18:08:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1879121 [wpt PR 44443] - Add permissions .well-known endpoint for Protected Audience API WPTs., a=testonly

Browse Source 
Automatic update from web-platform-tests
Add permissions .well-known endpoint for Protected Audience API WPTs.

This .well-known is fetched at the origin of the interest group's owner,
and specifies as a URL parameter the origin of frame that's attempting
to join or leave that interest group.

This is implemented such that the origin of the frame is ignored
altogether, and the determination of which operations are allowed
depends strictly on the origin of the interest group owner, and
specifically on the subdomain of the origin of the interest group owner.
wptserve serves each of its two domains at both the raw domain and each
of five subdomains.

- www: disallows both join and leave
- www1: allows join, but not leave
- www2: allows leave, but not join
- 天気の良い日 / élève: allow both join and leave
- anything else (including no subdomain): returns a 404

More information about the permissions endpoint can be found at:
https://github.com/WICG/turtledove/blob/main/FLEDGE.md#13-permission-delegation

This change depends on
https://github.com/web-platform-tests/wpt/pull/44398
to be usable from web platform tests.

Change-Id: I34f71c2576183856a770dd1a2307f5502941d219
Bug: 40275797
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5277476
Commit-Queue: Orr Bernstein <orrb@google.com>
Reviewed-by: mmenke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1265173}

--

wpt-commits: 2b9d21410646401cd42e830f481f0d8b3ba18639
wpt-pr: 44443
This commit is contained in:
Orr Bernstein 2024-02-28 08:38:30 +00:00 committed by moz-wptsync-bot
parent 238a90aa89
commit 9cae7135a9
2 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
testing/web-platform/tests/.well-known/interest-group/permissions/default.py Normal file
View File

@ -0,0 +1,8 @@
"""Endpoint to get interest group cross-origin permissions."""
from importlib import import_module
permissions = import_module('fledge.tentative.resources.permissions')
def main(request, response):
permissions.get_permissions(request, response)

54
testing/web-platform/tests/fledge/tentative/resources/permissions.py Normal file
View File

@ -0,0 +1,54 @@
"""Methods for the interest group cross-origin permissions endpoint."""
import json
import re
from fledge.tentative.resources import fledge_http_server_util
SUBDOMAIN_WWW = 'www'
SUBDOMAIN_WWW1 = 'www1'
SUBDOMAIN_WWW2 = 'www2'
SUBDOMAIN_FRENCH = 'élève'.encode('idna').decode()
SUBDOMAIN_JAPANESE = '天気の良い日'.encode('idna').decode()
ALL_SUBDOMAINS = [SUBDOMAIN_WWW, SUBDOMAIN_WWW1, SUBDOMAIN_WWW2,
SUBDOMAIN_FRENCH, SUBDOMAIN_JAPANESE]
def get_permissions(request, response):
"""Returns JSON object containing interest group cross-origin permissions.
The structure returned is described in more detail at
https://github.com/WICG/turtledove/blob/main/FLEDGE.md#13-permission-delegation.
This correctly handles requests issued in CORS mode.
This .well-known is fetched at the origin of the interest group's owner, and
specifies as a URL parameter the origin of frame that's attempting to join or
leave that interest group.
This is implemented such that the origin of the frame is ignored altogether,
and the determination of which operations are allowed depends strictly on the
origin of the interest group owner, and specifically on the subdomain of the
origin of the interest group owner. wptserve serves each of its two domains
at both the raw domain and each of five subdomains.
- www: disallows both join and leave
- www1: allows join, but not leave
- www2: allows leave, but not join
- 天気の良い日 / élève: allow both join and leave
- anything else (including no subdomain): returns a 404
"""
if fledge_http_server_util.handle_cors_headers_and_preflight(request, response):
return
first_domain_label = re.search(r"[^.]*", request.url_parts.netloc).group(0)
if first_domain_label not in ALL_SUBDOMAINS:
response.status = (404, b"Not Found")
response.content = "Not Found"
return
response.status = (200, b"OK")
response.headers.set(b"Content-Type", b"application/json")
response.content = json.dumps({
"joinAdInterestGroup": first_domain_label in [
SUBDOMAIN_WWW1, SUBDOMAIN_FRENCH, SUBDOMAIN_JAPANESE],
"leaveAdInterestGroup": first_domain_label in [
SUBDOMAIN_WWW2, SUBDOMAIN_FRENCH, SUBDOMAIN_JAPANESE],
})