Bug 1430947 - Add [SecureContext] to navigator.credentials r?bz
navigator.credentials was never marked as [SecureContext], yet it must be
for spec compliance and powerful-features compliance.
MozReview-Commit-ID: BYKGqqhoS2L
--- a/dom/webidl/Navigator.webidl
+++ b/dom/webidl/Navigator.webidl
@@ -9,16 +9,17 @@
* http://www.w3.org/TR/geolocation-API/#geolocation_interface
* http://www.w3.org/TR/battery-status/#navigatorbattery-interface
* http://www.w3.org/TR/vibration/#vibration-interface
* http://www.w3.org/2012/sysapps/runtime/#extension-to-the-navigator-interface-1
* https://dvcs.w3.org/hg/gamepad/raw-file/default/gamepad.html#navigator-interface-extension
* http://www.w3.org/TR/beacon/#sec-beacon-method
* https://html.spec.whatwg.org/#navigatorconcurrenthardware
* http://wicg.github.io/netinfo/#extensions-to-the-navigator-interface
+ * https://w3c.github.io/webappsec-credential-management/#framework-credential-management
*
* © Copyright 2004-2011 Apple Computer, Inc., Mozilla Foundation, and
* Opera Software ASA. You are granted a license to use, reproduce
* and create derivative works of this document.
*/
// http://www.whatwg.org/specs/web-apps/current-work/#the-navigator-object
[HeaderFile="Navigator.h"]
@@ -306,12 +307,13 @@ partial interface Navigator {
sequence<MediaKeySystemConfiguration> supportedConfigurations);
};
[NoInterfaceObject, Exposed=(Window,Worker)]
interface NavigatorConcurrentHardware {
readonly attribute unsigned long long hardwareConcurrency;
};
+// https://w3c.github.io/webappsec-credential-management/#framework-credential-management
partial interface Navigator {
- [Pref="security.webauth.webauthn", SameObject]
+ [Pref="security.webauth.webauthn", SecureContext, SameObject]
readonly attribute CredentialsContainer credentials;
};
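Review bot: `[SecureContext]` is added only to the `credentials` attribute on this Navigator partial. The diff does not show whether `CredentialsContainer` and the credential interfaces it hands out carry the same extended attribute in their own WebIDL definitions. If they do not, their interface objects would presumably still be exposed to insecure pages even though the accessor is gone, so that is worth confirming before landing. A short why-comment above the attribute would also help the next reader, for example `// Powerful feature: must not be reachable from insecure contexts.`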
--- a/testing/web-platform/meta/MANIFEST.json
+++ b/testing/web-platform/meta/MANIFEST.json
@@ -303766,16 +303766,22 @@
]
],
"credential-management/passwordcredential-framed-get.sub.https.html": [
[
"/credential-management/passwordcredential-framed-get.sub.https.html",
{}
]
],
+ "credential-management/require_securecontext.html": [
+ [
+ "/credential-management/require_securecontext.html",
+ {}
+ ]
+ ],
"css/compositing/mix-blend-mode/mix-blend-mode-creates-stacking-context.html": [
[
"/css/compositing/mix-blend-mode/mix-blend-mode-creates-stacking-context.html",
{}
]
],
"css/compositing/mix-blend-mode/mix-blend-mode-parsing.html": [
[
@@ -410623,16 +410629,20 @@
"credential-management/idl.https.html": [
"e9a108beef51c52bbaaf2e53371aec57e69541c0",
"testharness"
],
"credential-management/passwordcredential-framed-get.sub.https.html": [
"3ce3b0a2eaa10928aec1f32c9e3bcbe2af5fafba",
"testharness"
],
+ "credential-management/require_securecontext.html": [
+ "4a266e0c663a12ace13f6f08a7899236b489f698",
+ "testharness"
+ ],
"credential-management/support/echoing-nester.html": [
"408bf741f31a9f69a2a9a50d93877f6a999cd9d9",
"support"
],
"credential-management/support/federatedcredential-get.html": [
"59b8314b8cb9044bfccf6a2a0e520a879fdf9f66",
"support"
],
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/require_securecontext.html
@@ -0,0 +1,13 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Test that Credential Management requires secure contexts</title>
+<link rel="help" href="https://w3c.github.io/webappsec-credential-management/#idl-index">
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script>
+"use strict";
+ test(() => {
+ assert_false(isSecureContext);
+ assert_false('credentials' in navigator);
+ }, "Credential Management must not be accessible in insecure contexts");
+</script>
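Review bot: The second assertion can pass vacuously, because `credentials` is also gated on `Pref="security.webauth.webauthn"` in Navigator.webidl, so with the pref off `'credentials' in navigator` is false whether or not `[SecureContext]` works. A matching positive assertion in a secure-context test would separate "gated correctly" from "feature disabled"; the manifest lists `idl.https.html`, which may already cover that but is not visible here. If the related interfaces are also meant to be restricted, the test could add `assert_false('CredentialsContainer' in self);`. As a style point, the `test(() => {` line carries a stray leading space that does not match the rest of the script block.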