Deprecate obsolete permissions policy directives
`speaker`, `vibrate`, and `vr` were [listed as policy-controlled features][1] around the time when #33439 was first written (2018-07-25). However, `vibrate` was removed in w3c/webappsec-permissions-policy@b7271ac0f2, `vr` was changed to `xr` in w3c/webappsec-permissions-policy@bec5ce6547, and `speaker` was removed in w3c/webappsec-permissions-policy@18707d396e. (And `xr` was later changed to `xr-spatial-tracking`, and still only has [experimental support][2].) Therefore, this commit deprecates these permissions policy directives. [1]:6d8bbbe738/features.md (policy-controlled-features)
[2]:432a1532c9/features.md (standardized-features)
This commit is contained in:
parent
2a9f8aeb24
commit
1466b44299
@ -1,3 +1,12 @@
|
||||
* The `speaker`, `vibrate`, and `vr` permissions policy directives are now
|
||||
deprecated.
|
||||
|
||||
There is no browser support for these directives, and no plan for browser
|
||||
support in the future. You can just remove these directives from your
|
||||
application.
|
||||
|
||||
*Jonathan Hefner*
|
||||
|
||||
* Added the `:status` option to `assert_redirected_to` to specify the precise
|
||||
HTTP status of the redirect. Defaults to `:redirect` for backwards
|
||||
compatibility.
|
||||
|
@ -104,11 +104,8 @@ def permissions_policy=(policy)
|
||||
picture_in_picture: "picture-in-picture",
|
||||
screen_wake_lock: "screen-wake-lock",
|
||||
serial: "serial",
|
||||
speaker: "speaker",
|
||||
sync_xhr: "sync-xhr",
|
||||
usb: "usb",
|
||||
vibrate: "vibrate",
|
||||
vr: "vr",
|
||||
web_share: "web-share",
|
||||
}.freeze
|
||||
|
||||
@ -135,6 +132,25 @@ def initialize_copy(other)
|
||||
end
|
||||
end
|
||||
|
||||
%w[speaker vibrate vr].each do |directive|
|
||||
define_method(directive) do |*sources|
|
||||
ActiveSupport::Deprecation.warn(<<~MSG)
|
||||
The `#{directive}` permissions policy directive is deprecated
|
||||
and will be removed in Rails 7.2.
|
||||
|
||||
There is no browser support for this directive, and no plan
|
||||
for browser support in the future. You can just remove this
|
||||
directive from your application.
|
||||
MSG
|
||||
|
||||
if sources.first
|
||||
@directives[directive] = apply_mappings(sources)
|
||||
else
|
||||
@directives.delete(directive)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def build(context = nil)
|
||||
build_directives(context).compact.join("; ")
|
||||
end
|
||||
|
@ -34,11 +34,21 @@ def test_multiple_directives_for_multiple_directives
|
||||
|
||||
def test_invalid_directive_source
|
||||
exception = assert_raises(ArgumentError) do
|
||||
@policy.vr [:non_existent]
|
||||
@policy.geolocation [:non_existent]
|
||||
end
|
||||
|
||||
assert_equal "Invalid HTTP permissions policy source: [:non_existent]", exception.message
|
||||
end
|
||||
|
||||
def test_deprecated_directives
|
||||
assert_deprecated { @policy.speaker :self }
|
||||
assert_deprecated { @policy.vibrate :self }
|
||||
assert_deprecated { @policy.vr :self }
|
||||
|
||||
assert_not_deprecated do
|
||||
assert_equal "speaker 'self'; vibrate 'self'; vr 'self'", @policy.build
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
class PermissionsPolicyIntegrationTest < ActionDispatch::IntegrationTest
|
||||
|
Loading…
Reference in New Issue
Block a user