[Payment Request] Restrict API use to secure, same-origin frames
author keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 26 Oct 2017 23:28:31 +0000 (23:28 +0000)
committer keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 26 Oct 2017 23:28:31 +0000 (23:28 +0000)
https://bugs.webkit.org/show_bug.cgi?id=178887

Patch by Andy Estes <aestes@apple.com> on 2017-10-26
Reviewed by Tim Horton.

Reuse the access checks from Apple Pay to restrict PaymentRequest API usage to secure frames
in the same origin as the main frame.

Progresses active-document-cross-origin.https.sub.html and
active-document-same-origin.https.html from web-platform-tests. Regresses basic.https.html
since the allowpaymentrequest <iframe> attribute is not yet implemented.

* Modules/applepay/ApplePaySession.cpp:
(WebCore::ApplePaySession::create):
(WebCore::ApplePaySession::supportsVersion):
(WebCore::ApplePaySession::canMakePayments):
(WebCore::ApplePaySession::canMakePaymentsWithActiveCard):
(WebCore::ApplePaySession::openPaymentSetup):
(WebCore::isSecure): Deleted.
(WebCore::canCallApplePaySessionAPIs): Deleted.
* Modules/applepay/PaymentSession.cpp: Added.
(WebCore::isSecure):
(WebCore::PaymentSession::canCreateSession):
* Modules/applepay/PaymentSession.h:
* Modules/paymentrequest/PaymentHandler.cpp:
(WebCore::PaymentHandler::canCreateSession):
* Modules/paymentrequest/PaymentHandler.h:
* Modules/paymentrequest/PaymentRequest.cpp:
(WebCore::PaymentRequest::create):
* WebCore.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@224062 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/mac/MediaPlayerPrivateQTKit.mm

index fc43ea6..57e53a2 100644 (file)
 
 2017-10-26  Keith Miller  <keith_miller@apple.com>
 
+        Unreviewed, add deprecated declarations pragma to fix macosx.
+
+        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
+
+2017-10-26  Keith Miller  <keith_miller@apple.com>
+
         Unreviewed, iOS build fix.
 
         * SourcesMac.txt:
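Review bot: The new ChangeLog entry does not say which deprecated declarations broke the macosx build or why suppressing the warning is preferable to migrating off them, and the "* platform/graphics/mac/MediaPlayerPrivateQTKit.mm:" line has no description after the colon. Since the entry is marked Unreviewed, a one-line rationale here (for example that the QTKit symbols soft-linked in that file are deprecated) is the only record a later reader will have of why the diagnostic was turned off.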
index ee74629..246a28b 100644 (file)
@@ -45,6 +45,9 @@
 #import <wtf/NeverDestroyed.h>
 #import <wtf/SoftLinking.h>
 
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+
 SOFT_LINK_FRAMEWORK(QTKit)
 
 SOFT_LINK(QTKit, QTMakeTime, QTTime, (long long timeValue, long timeScale), (timeValue, timeScale))
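Review bot: The "#pragma clang diagnostic ignored "-Wdeprecated-declarations"" added after the imports applies to everything that follows in the file, so any deprecated API introduced here later, QTKit or not, will compile without a warning. Consider narrowing the push/pop to the declarations that actually trigger the warning, or at least add a comment next to the push naming the deprecated framework so the suppression can be removed when that code goes away.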
@@ -1719,4 +1722,6 @@ bool MediaPlayerPrivateQTKit::isCurrentPlaybackTargetWireless() const
 
 @end
 
+#pragma clang diagnostic pop // deprecated-declarations
+
 #endif
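Review bot: The "#pragma clang diagnostic pop" sits just before the closing "#endif", roughly 1700 lines below its matching push, so it is worth confirming the push in the first hunk is inside the same preprocessor conditional that this "#endif" closes. If the push were outside the guard, a configuration that skips the guarded block would leave the diagnostic state pushed with no matching pop.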