Google Git
Sign in
chromium / chromium / src.git / 00aa3ac24d0117702df05520fa203e28ef6e92b5^! / . / chrome / browser / webid / federated_identity_api_permission_context.cc
commit00aa3ac24d0117702df05520fa203e28ef6e92b5[log] [tgz]
authorZachary Tan <[email protected]>Wed Aug 02 20:05:39 2023
committerChromium LUCI CQ <[email protected]>Wed Aug 02 20:05:39 2023
treeb71c6433facff2352da2d655fa067601ea5c6957
parent979c6bd5582fd4c74226a256b49eac7e96494ad8 [diff] [blame]
[FedCM] Enable FedCM where 3PC is blocked and ISS is enabled

Previously, FedCM can only be enabled where third party cookies are
blocked if the FedCmWithoutThirdPartyCookies flag is enabled. With our
new mitigation plan, we can now also enable FedCM where third party
cookies are blocked if the FedCmIdpSigninStatusEnabled flag is enabled.

Mitigation plan:
https://docs.google.com/document/d/1yXHU1oP7AhjqsDXBcNndNHTjcXGb1Ve4btPPQksbuUE/edit?usp=sharing

Bug: 1469661
Change-Id: Ie990351caab0b12443882b6b5faf5f1084ea1792
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4743181
Reviewed-by: Christian Biesinger <[email protected]>
Commit-Queue: Zachary Tan <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1178619}

diff --git a/chrome/browser/webid/federated_identity_api_permission_context.cc b/chrome/browser/webid/federated_identity_api_permission_context.cc
index 5856294..f095ea5c 100644
--- a/chrome/browser/webid/federated_identity_api_permission_context.cc
+++ b/chrome/browser/webid/federated_identity_api_permission_context.cc

@@ -40,12 +40,14 @@
   const GURL rp_embedder_url = relying_party_embedder.GetURL();
 
   // TODO(npm): FedCM is currently restricted to contexts where third party
-  // cookies are not blocked unless the FedCmWithoutThirdPartyCookies flag is
-  // enabled.  Once the privacy improvements for the API are implemented, remove
-  // this restriction. See https://crbug.com/13043
+  // cookies are not blocked unless the FedCmWithoutThirdPartyCookies flag or
+  // FedCmIdpSigninStatusEnabled flag is enabled.  Once the privacy improvements
+  // for the API are implemented, remove this restriction. See
+  // https://crbug.com/13043
   if (cookie_settings_->ShouldBlockThirdPartyCookies() &&
       !cookie_settings_->IsThirdPartyAccessAllowed(rp_embedder_url) &&
-      !base::FeatureList::IsEnabled(features::kFedCmWithoutThirdPartyCookies)) {
+      !base::FeatureList::IsEnabled(features::kFedCmWithoutThirdPartyCookies) &&
+      !base::FeatureList::IsEnabled(features::kFedCmIdpSigninStatusEnabled)) {
     return PermissionStatus::BLOCKED_THIRD_PARTY_COOKIES_BLOCKED;
   }