Add embedder policy to the policy container

antosart · web-flow · commit 1bec6adba201 · 2021-06-24T16:08:59.000-04:00
Part of #4926. Closes #4916.
diff --git a/source b/source
@@ -9204,9 +9204,6 @@ partial interface <dfn id="document" data-lt="">Document</dfn> {
   for="Document">policy container</dfn> (a <span>policy container</span>), initially a new policy
   container, which contains policies which apply to the <code>Document</code>.</p>
 
-  <p>The <code>Document</code> has an <dfn data-x="concept-document-embedder-policy">embedder
-  policy</dfn> (an <span>embedder policy</span>).</p>
-
   <p id="concept-document-feature-policy">The <code>Document</code> has a <dfn
   data-x="concept-document-permissions-policy" export for="Document">permissions policy</dfn>, which
   is a <span data-x="concept-permissions-policy">permissions policy</span>, which is initially
@@ -78865,10 +78862,6 @@ popup4.close();</code></pre></div>
    <var>document</var>'s <span data-x="the document's referrer">referrer</span> to the <span
    data-x="concept-url-serializer">serialization</span> of it.</p></li>
 
-   <li><p>If <var>creator</var> is non-null, then set <var>document</var>'s
-   <span data-x="concept-document-embedder-policy">embedder policy</span> to <var>creator</var>'s
-   <span data-x="concept-document-embedder-policy">embedder policy</span>.</p></li>
-
    <li><p>If <var>creator</var> is non-null, then set <var>document</var>'s <span
    data-x="concept-document-policy-container">policy container</span> to a <span data-x="clone a
    policy container">clone</span> of <var>creator</var>'s <span
@@ -81087,11 +81080,6 @@ interface <dfn interface>BarProp</dfn> {
       <code>Document</code></span>.</p>
      </dd>
 
-     <dt>The <span data-x="concept-settings-object-embedder-policy">embedder policy</span></dt>
-     <dd><p>Return <var>window</var>'s <span data-x="concept-document-window">associated
-     <code>Document</code></span>'s <span data-x="concept-document-embedder-policy">embedder
-     policy</span>.</p></dd>
-
      <dt>The <span data-x="concept-settings-object-cross-origin-isolated-capability">cross-origin
      isolated capability</span></dt>
      <dd>
@@ -83649,19 +83637,16 @@ interface <dfn interface>BarProp</dfn> {
 
   <p>To <dfn>check a navigation response's adherence to its embedder policy</dfn> given a <span
   data-x="concept-response">response</span> <var>response</var>, a <span>browsing context</span>
-  <var>target</var>, and an <span>environment</span> <var>environment</var>:</p>
+  <var>target</var>, and an <span>embedder policy</span> <var>responsePolicy</var>:</p>
 
   <ol>
    <li><p>If <var>target</var> is not a <span>child browsing context</span>, then return
    true.</p></li>
 
-   <li><p>Let <var>responsePolicy</var> be the result of <span data-x="obtain an embedder
-   policy">obtaining an embedder policy</span> from <var>response</var> and
-   <var>environment</var>.</p></li>
-
    <li><p>Let <var>parentPolicy</var> be <var>target</var>'s <span
    data-x="bc-container-document">container document</span>'s <span
-   data-x="concept-document-embedder-policy">embedder policy</span>.</p></li>
+   data-x="concept-document-policy-container">policy container</span>'s <span
+   data-x="policy-container-embedder-policy">embedder policy</span>.</p></li>
 
    <li><p>If <var>parentPolicy</var>'s <span data-x="embedder-policy-report-only-value">report-only
    value</span> is "<code data-x="coep-require-corp">require-corp</code>" and
@@ -83700,7 +83685,8 @@ interface <dfn interface>BarProp</dfn> {
    data-x="concept-WorkerGlobalScope-embedder-policy">embedder policy</span>.
 
    <li><p>Let <var>ownerPolicy</var> be <var>owner</var>'s <span
-   data-x="concept-settings-object-embedder-policy">embedder policy</span>.
+   data-x="concept-settings-object-policy-container">policy container</span>'s <span
+   data-x="policy-container-embedder-policy">embedder policy</span>.
 
    <li><p>If <var>ownerPolicy</var>'s <span data-x="embedder-policy-report-only-value">report-only
    value</span> is "<code data-x="coep-require-corp">require-corp</code>" and <var>policy</var>'s
@@ -83777,6 +83763,10 @@ interface <dfn interface>BarProp</dfn> {
    <li><p>A <dfn export for="policy container" data-x="policy-container-csp-list">CSP list</dfn>,
    which is a <span data-x="concept-csp-list">CSP list</span>. It is initially empty.</p></li>
 
+   <li><p>An <dfn export for="policy container" data-x="policy-container-embedder-policy">embedder
+   policy</dfn>, which is an <span>embedder policy</span>. It is initially a new <span>embedder
+   policy</span>.</p></li>
+
    <li><p>A <dfn export for="policy container" data-x="policy-container-referrer-policy">referrer
    policy</dfn>, which is a <span>referrer policy</span>. It is initially the <span>default referrer
    policy</span>.</p></li>
@@ -83795,6 +83785,10 @@ interface <dfn interface>BarProp</dfn> {
    data-x="list append">append</span> a copy of <var>policy</var> into <var>clone</var>'s <span
    data-x="policy-container-csp-list">CSP list</span>.</p></li>
 
+   <li><p>Set <var>clone</var>'s <span data-x="policy-container-embedder-policy">embedder
+   policy</span> to a copy of <var>policyContainer</var>'s <span
+   data-x="policy-container-embedder-policy">embedder policy</span>.</p></li>
+
    <li><p>Set <var>clone</var>'s <span data-x="policy-container-referrer-policy">referrer
    policy</span> to <var>policyContainer</var>'s <span
    data-x="policy-container-referrer-policy">referrer policy</span>.</p></li>
@@ -83824,7 +83818,8 @@ interface <dfn interface>BarProp</dfn> {
 
   <p>To <dfn export data-lt="creating a policy container from a fetch response" data-x="creating a
   policy container from a fetch response">create a policy container from a fetch response</dfn>
-  given a <span data-x="concept-response">response</span> <var>response</var>:</p>
+  given a <span data-x="concept-response">response</span> <var>response</var> and an
+  <span>environment</span>-or-null <var>environment</var>:</p>
 
   <ol>
    <li><p>If <var>response</var>'s <span data-x="concept-response-url">URL</span>'s <span
@@ -83840,6 +83835,12 @@ interface <dfn interface>BarProp</dfn> {
    result of <span data-x="parse-response-csp">parsing a response's Content Security Policies</span>
    given <var>response</var>.</p></li>
 
+   <li><p>If <var>environment</var> is non-null, then set <var>result</var>'s <span
+   data-x="policy-container-embedder-policy">embedder policy</span> to the result of <span
+   data-x="obtain an embedder policy">obtaining an embedder policy</span> given <var>response</var>
+   and <var>environment</var>. Otherwise, set it to "<code
+   data-x="coep-unsafe-none">unsafe-none</code>".</p></li>
+
    <li><p>Set <var>result</var>'s <span data-x="policy-container-referrer-policy">referrer
    policy</span> to the result of <span data-x="parse-referrer-policy-header">parsing the
    `<code>Referrer-Policy</code>` header</span> given <var>response</var>. <ref
@@ -83889,8 +83890,9 @@ interface <dfn interface>BarProp</dfn> {
   </ol>
 
   <p>To <dfn data-x="initialize worker policy container">initialize a worker global scope's policy
-  container</dfn> given a <code>WorkerGlobalScope</code> <var>workerGlobalScope</var> and a <span
-  data-x="concept-response">response</span> <var>response</var>:</p>
+  container</dfn> given a <code>WorkerGlobalScope</code> <var>workerGlobalScope</var>, a <span
+  data-x="concept-response">response</span> <var>response</var>, and an <span>environment</span>
+  <var>environment</var>:</p>
 
   <ol>
    <li>
@@ -83913,7 +83915,7 @@ interface <dfn interface>BarProp</dfn> {
    <li><p>Otherwise, set <var>workerGlobalScope</var>'s <span
    data-x="concept-WorkerGlobalScope-policy-container">policy container</span> to the result of
    <span>creating a policy container from a fetch response</span> given
-   <var>response</var>.</p></li>
+   <var>response</var> and <var>environment</var>.</p></li>
   </ol>
 
   <h3 split-filename="history" id="history">Session history and navigation</h3>
@@ -86291,8 +86293,9 @@ interface <dfn interface>Location</dfn> { // but see also <a href="#the-location
     </ol>
    </li>
 
-   <li><p>Let <var>responsePolicyContainer</var> to be the result of <span>creating a policy
-   container from a fetch response</span> <var>response</var>.</p></li>
+   <li><p>Let <var>responsePolicyContainer</var> be the result of <span>creating a policy container
+   from a fetch response</span> given <var>response</var> and <var>request</var>'s <span
+   data-x="concept-request-reserved-client">reserved client</span>.</p></li>
 
    <li><p>Let <var>resultPolicyContainer</var> be the result of <span>determining navigation params
    policy container</span> given <var>response</var>'s <span
@@ -86351,7 +86354,8 @@ interface <dfn interface>Location</dfn> { // but see also <a href="#the-location
     the result of <span data-x="check a navigation response's adherence to its
     embedder policy">checking a navigation response's adherence to its embedder policy</span> given
     <var>response</var>, <var>browsingContext</var>, and <var>navigationParams</var>'s <span
-    data-x="navigation-params-reserved-environment">reserved environment</span> is false, then set
+    data-x="navigation-params-policy-container">policy container</span>'s <span
+    data-x="policy-container-embedder-policy">embedder policy</span> is false, then set
     <var>failure</var> to true.</p>
 
     <p>Otherwise, if the result of <span data-x="check a navigation response's adherence to
@@ -86760,15 +86764,6 @@ interface <dfn interface>Location</dfn> { // but see also <a href="#the-location
    <li><p>Set <var>document</var>'s <span>current document readiness</span> to "<code
    data-x="">loading</code>".</p></li>
 
-   <li><p>If <var>navigationParam</var>'s <span
-   data-x="navigation-params-reserved-environment">reserved environment</span> is non-null, then set
-   <var>document</var>'s <span data-x="concept-document-embedder-policy">embedder policy</span> to
-   the result of <span data-x="obtain an embedder policy">obtaining an embedder policy</span> given
-   <var>navigationParams</var>'s <span data-x="navigation-params-response">response</span> and
-   <var>navigationParam</var>'s <span data-x="navigation-params-reserved-environment">reserved
-   environment</span>. Otherwise, set it to "<code
-   data-x="coep-unsafe-none">unsafe-none</code>".</p></li>
-
    <li><p><span>Run CSP initialization for a <code data-x="">Document</code></span> given
    <var>document</var>. <ref spec="CSP"></p>
 
@@ -88998,14 +88993,6 @@ interface <dfn interface>BeforeUnloadEvent</dfn> : <span>Event</span> {
     <p>A <span>policy container</span> containing policies used for security checks.</p>
    </dd>
 
-   <dt>An <dfn data-x="concept-settings-object-embedder-policy" export
-   for="environment settings object">embedder policy</dfn></dt>
-
-   <dd><p>An <span>embedder policy</span> used by <span data-x="cross-origin resource policy
-   check">cross-origin resource policy checks</span> for <span data-x="concept-fetch">fetches</span>
-   performed using this <span>environment settings object</span> as a <span
-   data-x="concept-request-client">request client</span>.</p></dd>
-
    <dt>A <dfn data-x="concept-settings-object-cross-origin-isolated-capability" export
    for="environment settings object">cross-origin isolated capability</dfn></dt>
 
@@ -100752,23 +100739,13 @@ interface <dfn interface>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope
      data-x="concept-response-url">url</span>.</p></li>
 
      <li><p><span data-x="initialize worker policy container">Initialize worker global scope's
-     policy container</span> given <var>worker global scope</var>, and <var>response</var>.</p></li>
+     policy container</span> given <var>worker global scope</var>, <var>response</var>, and
+     <var>inside settings</var>.</p></li>
 
      <li><p>If the <span>Run CSP initialization for a global object</span> algorithm returns "<code
      data-x="">Blocked</code>" when executed upon <var>worker global scope</var>, set
      <var>response</var> to a <span>network error</span>. <ref spec=CSP></p></li>
 
-     <li><p>If <var>response</var>'s <span data-x="concept-response-url">url</span>'s <span
-     data-x="concept-url-scheme">scheme</span> is a <span>local scheme</span>, then set
-     <var>worker global scope</var>'s <span
-     data-x="concept-WorkerGlobalScope-embedder-policy">embedder policy</span> to <var>owner</var>'s
-     <span data-x="concept-settings-object-embedder-policy">embedder policy</span>.</p></li>
-
-     <li><p>Otherwise, set <var>worker global scope</var>'s <span
-     data-x="concept-WorkerGlobalScope-embedder-policy">embedder policy</span> to the result of
-     <span data-x="obtain an embedder policy">obtaining an embedder policy</span> from
-     <var>response</var> and <var>inside settings</var>.</p></li>
-
      <li>
       <p>If <var>worker global scope</var>'s <span
       data-x="concept-WorkerGlobalScope-embedder-policy">embedder policy</span> is "<code
@@ -101099,12 +101076,6 @@ interface <dfn interface>SharedWorkerGlobalScope</dfn> : <span>WorkerGlobalScope
       data-x="concept-WorkerGlobalScope-policy-container">policy container</span>.</p>
      </dd>
 
-     <dt>The <span data-x="concept-settings-object-embedder-policy">embedder policy</span></dt>
-     <dd>
-      <p>Return <var>worker global scope</var>'s <span
-      data-x="concept-WorkerGlobalScope-embedder-policy">embedder policy</span>.</p>
-     </dd>
-
      <dt>The <span data-x="concept-settings-object-cross-origin-isolated-capability">cross-origin
      isolated capability</span></dt>
      <dd><p>Return <var>worker global scope</var>'s <span
@@ -102225,9 +102196,6 @@ interface <dfn interface>WorkletGlobalScope</dfn> {};</code></pre>
    container">clone</span> of <var>outsideSettings</var>'s <span
    data-x="concept-settings-object-policy-container">policy container</span>.</p></li>
 
-   <li><p>Let <var>inheritedEmbedderPolicy</var> be <var>outsideSettings</var>'s <span
-   data-x="concept-settings-object-embedder-policy">embedder policy</span>.</p></li>
-
    <li><p>Let <var>realm</var> be the value of <var>executionContext</var>'s Realm
    component.</p></li>
 
@@ -102281,11 +102249,6 @@ interface <dfn interface>WorkletGlobalScope</dfn> {};</code></pre>
       <p>Return <var>inheritedPolicyContainer</var>.</p>
      </dd>
 
-     <dt>The <span data-x="concept-settings-object-embedder-policy">embedder policy</span></dt>
-     <dd>
-      <p>Return <var>inheritedEmbedderPolicy</var>.</p>
-     </dd>
-
      <dt>The <span data-x="concept-settings-object-cross-origin-isolated-capability">cross-origin
      isolated capability</span></dt>
      <dd><p>Return <span class="XXX">TODO</span>.</p></dd>
