[FedCM] Don't block the API when ISS is enabled through OT

Bug: 1472015
Change-Id: I9aa2f7e8d5d366d68973d8e271d9946f4d754da9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4763234
Reviewed-by: Yi Gu <[email protected]>
Commit-Queue: Christian Biesinger <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1182254}
diff --git a/chrome/browser/webid/federated_identity_api_permission_context.cc b/chrome/browser/webid/federated_identity_api_permission_context.cc
index f095ea5c..815cf80 100644
--- a/chrome/browser/webid/federated_identity_api_permission_context.cc
+++ b/chrome/browser/webid/federated_identity_api_permission_context.cc
@@ -39,18 +39,6 @@
 
   const GURL rp_embedder_url = relying_party_embedder.GetURL();
 
-  // TODO(npm): FedCM is currently restricted to contexts where third party
-  // cookies are not blocked unless the FedCmWithoutThirdPartyCookies flag or
-  // FedCmIdpSigninStatusEnabled flag is enabled.  Once the privacy improvements
-  // for the API are implemented, remove this restriction. See
-  // https://crbug.com/13043
-  if (cookie_settings_->ShouldBlockThirdPartyCookies() &&
-      !cookie_settings_->IsThirdPartyAccessAllowed(rp_embedder_url) &&
-      !base::FeatureList::IsEnabled(features::kFedCmWithoutThirdPartyCookies) &&
-      !base::FeatureList::IsEnabled(features::kFedCmIdpSigninStatusEnabled)) {
-    return PermissionStatus::BLOCKED_THIRD_PARTY_COOKIES_BLOCKED;
-  }
-
   const ContentSetting setting = host_content_settings_map_->GetContentSetting(
       rp_embedder_url, rp_embedder_url,
       ContentSettingsType::FEDERATED_IDENTITY_API);
@@ -68,6 +56,19 @@
           rp_embedder_url, ContentSettingsType::FEDERATED_IDENTITY_API)) {
     return PermissionStatus::BLOCKED_EMBARGO;
   }
+  // TODO(npm): FedCM is currently restricted to contexts where third party
+  // cookies are not blocked unless the FedCmWithoutThirdPartyCookies flag or
+  // FedCmIdpSigninStatusEnabled flag is enabled. The IDP signin status API
+  // override is implemented in the caller because it can be enabled through
+  // origin trials. This block can be removed when the IDP Signin status API
+  // ships.
+  // See https://crbug.com/1451396
+  if (cookie_settings_->ShouldBlockThirdPartyCookies() &&
+      !cookie_settings_->IsThirdPartyAccessAllowed(rp_embedder_url) &&
+      !base::FeatureList::IsEnabled(features::kFedCmWithoutThirdPartyCookies)) {
+    return PermissionStatus::BLOCKED_THIRD_PARTY_COOKIES_BLOCKED;
+  }
+
   return PermissionStatus::GRANTED;
 }
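Review bot: The comment on the relocated third-party-cookie check says the IDP signin status override lives in the caller, but it does not say that this check must now stay last. If the caller turns `BLOCKED_THIRD_PARTY_COOKIES_BLOCKED` into an allow when the origin trial is active, that is only safe because the content-setting and embargo checks above have already passed by the time this status is returned; a later reorder would let the override mask a user block or an embargo. I would add `// Must remain the last check: callers may override this status, so every other block reason has to be evaluated first.` directly above the `if`. The first sentence of the comment also still lists FedCmIdpSigninStatusEnabled as an exemption although the condition no longer tests it here, so any other caller of this function (none are visible in this diff) would presumably now get the blocked status with that feature enabled. The function begins outside the hunk, so the earlier checks are only partly visible.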