ladybird/Libraries/LibWeb/PermissionsPolicy/AutoplayAllowlist.cpp

/*
 * Copyright (c) 2023-2025, Tim Flynn <trflynn89@ladybird.org>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

#include <AK/String.h>
#include <LibURL/Origin.h>
#include <LibURL/Parser.h>
#include <LibURL/URL.h>
#include <LibWeb/DOM/Document.h>
#include <LibWeb/DOMURL/DOMURL.h>
#include <LibWeb/PermissionsPolicy/AutoplayAllowlist.h>

// FIXME: This is an ad-hoc implementation of the "autoplay" policy-controlled feature:
// https://w3c.github.io/webappsec-permissions-policy/#policy-controlled-feature

namespace Web::PermissionsPolicy {

AutoplayAllowlist& AutoplayAllowlist::the()
{
    static AutoplayAllowlist filter;
    return filter;
}

AutoplayAllowlist::AutoplayAllowlist() = default;
AutoplayAllowlist::~AutoplayAllowlist() = default;

// https://w3c.github.io/webappsec-permissions-policy/#is-feature-enabled
Decision AutoplayAllowlist::is_allowed_for_origin(DOM::Document const& document, URL::Origin const& origin) const
{
    // FIXME: 1. Let policy be document’s Permissions Policy
    // FIXME: 2. If policy’s inherited policy for feature is Disabled, return "Disabled".

    // 3. If feature is present in policy’s declared policy:
    if (m_allowlist.has_value()) {
        // 1. If the allowlist for feature in policy’s declared policy matches origin, then return "Enabled".
        // 2. Otherwise return "Disabled".
        return m_allowlist->visit(
            [](Global) {
                return Decision::Enabled;
            },
            [&](auto const& patterns) {
                for (auto const& pattern : patterns) {
                    if (pattern.is_same_origin_domain(origin))
                        return Decision::Enabled;
                }

                return Decision::Disabled;
            });
    }

    // 4. If feature’s default allowlist is *, return "Enabled".
    // 5. If feature’s default allowlist is 'self', and origin is same origin with document’s origin, return "Enabled".
    // NOTE: The "autoplay" feature's default allowlist is 'self'.
    //       https://html.spec.whatwg.org/multipage/infrastructure.html#autoplay-feature
    if (origin.is_same_origin(document.origin()))
        return Decision::Enabled;

    // 6. Return "Disabled".
    return Decision::Disabled;
}

void AutoplayAllowlist::enable_globally()
{
    m_allowlist = Global {};
}

void AutoplayAllowlist::enable_for_origins(ReadonlySpan<String> origins)
{
    m_allowlist = Patterns {};

    auto& allowlist = m_allowlist->get<Patterns>();
    allowlist.ensure_capacity(origins.size());

    for (auto const& origin : origins) {
        auto url = URL::Parser::basic_parse(origin);

        if (!url.has_value())
            url = URL::Parser::basic_parse(MUST(String::formatted("https://{}", origin)));
        if (!url.has_value()) {
            dbgln("Invalid origin for autoplay allowlist: {}", origin);
            continue;
        }

        allowlist.append(url->origin());
    }
}

}
-												LibWeb+LibWebView+WebContent: Add APIs to manage an autoplay allowlist

The spec defines a Permissions Policy to control some browser behaviors
on a per-origin basis. Management of these permissions live in their own
spec: https://w3c.github.io/webappsec-permissions-policy/

This implements a somewhat ad-hoc Permissions Policy for autoplaying
media elements. We will need to implement the entire policy spec for
this to be more general.

											
										
										
											2023-04-17 13:21:19 -04:00
+								/*
-												LibWeb: Remove OOM handling from the AutoplayAllowlist

											
										
										
											2025-03-29 08:54:51 -04:00
+								 * Copyright (c) 2023-2025, Tim Flynn <trflynn89@ladybird.org>
-												LibWeb+LibWebView+WebContent: Add APIs to manage an autoplay allowlist

The spec defines a Permissions Policy to control some browser behaviors
on a per-origin basis. Management of these permissions live in their own
spec: https://w3c.github.io/webappsec-permissions-policy/

This implements a somewhat ad-hoc Permissions Policy for autoplaying
media elements. We will need to implement the entire policy spec for
this to be more general.

											
										
										
											2023-04-17 13:21:19 -04:00
+								 *
 								 * SPDX-License-Identifier: BSD-2-Clause
 								 */
 								#include <AK/String.h>
-												LibWeb+LibURL: Move HTML::Origin to URL::Origin

While Origin is defined in the HTML spec - this leaves us with quite an
awkward relationship as the URL spec makes use of AO's from what is
defined in the HTML spec.

To simplify this factoring, relocate Origin into LibURL.

											
										
										
											2024-10-05 15:33:34 +13:00
+								#include <LibURL/Origin.h>
-												Everywhere: Remove some use of the URL constructors

These make it too easy to construct an invalid URL, which makes it
difficult to remove the valid state of URL - which this API relies
on.

											
										
										
											2025-02-16 14:45:52 +13:00
+								#include <LibURL/Parser.h>
-												AK+LibURL: Move AK::URL into a new URL library

This URL library ends up being a relatively fundamental base library of
the system, as LibCore depends on LibURL.

This change has two main benefits:
 * Moving AK back more towards being an agnostic library that can
   be used between the kernel and userspace. URL has never really fit
   that description - and is not used in the kernel.
 * URL _should_ depend on LibUnicode, as it needs punnycode support.
   However, it's not really possible to do this inside of AK as it can't
   depend on any external library. This change brings us a little closer
   to being able to do that, but unfortunately we aren't there quite
   yet, as the code generators depend on LibCore.

											
										
										
											2024-03-18 16:22:27 +13:00
+								#include <LibURL/URL.h>
-												LibWeb+LibWebView+WebContent: Add APIs to manage an autoplay allowlist

The spec defines a Permissions Policy to control some browser behaviors
on a per-origin basis. Management of these permissions live in their own
spec: https://w3c.github.io/webappsec-permissions-policy/

This implements a somewhat ad-hoc Permissions Policy for autoplaying
media elements. We will need to implement the entire policy spec for
this to be more general.

											
										
										
											2023-04-17 13:21:19 -04:00
+								#include <LibWeb/DOM/Document.h>
-												LibWeb: Rename URL platform object to DOMURL

Along with putting functions in the URL namespace into a DOMURL
namespace.

This is done as LibWeb is in an awkward situation where it needs
two URL classes. AK::URL is the general purpose URL class which
is all that is needed in 95% of cases. URL in the Web namespace
is needed predominantly for interfacing with the javascript
interfaces.

Because of two URLs in the same namespace, AK::URL has had to be
used throughout LibWeb. If we move AK::URL into a URL namespace,
this becomes more painful - where ::URL::URL is required to
specify the constructor (and something like
::URL::create_with_url_or_path in other places).

To fix this problem - rename the class in LibWeb implementing the
URL IDL interface to DOMURL, along with moving the other Web URL
related classes into this DOMURL folder.

One could argue that this name also makes the situation a little
more clear in LibWeb for why these two URL classes need be used
in the first place.

											
										
										
											2024-02-11 19:48:56 +13:00
+								#include <LibWeb/DOMURL/DOMURL.h>
-												LibWeb+LibWebView+WebContent: Add APIs to manage an autoplay allowlist

The spec defines a Permissions Policy to control some browser behaviors
on a per-origin basis. Management of these permissions live in their own
spec: https://w3c.github.io/webappsec-permissions-policy/

This implements a somewhat ad-hoc Permissions Policy for autoplaying
media elements. We will need to implement the entire policy spec for
this to be more general.

											
										
										
											2023-04-17 13:21:19 -04:00
+								#include <LibWeb/PermissionsPolicy/AutoplayAllowlist.h>
 								// FIXME: This is an ad-hoc implementation of the "autoplay" policy-controlled feature:
 								// https://w3c.github.io/webappsec-permissions-policy/#policy-controlled-feature
 								namespace Web::PermissionsPolicy {
 								AutoplayAllowlist& AutoplayAllowlist::the()
 								{
 								    static AutoplayAllowlist filter;
 								    return filter;
 								}
 								AutoplayAllowlist::AutoplayAllowlist() = default;
 								AutoplayAllowlist::~AutoplayAllowlist() = default;
 								// https://w3c.github.io/webappsec-permissions-policy/#is-feature-enabled
-												LibWeb+LibURL: Move HTML::Origin to URL::Origin

While Origin is defined in the HTML spec - this leaves us with quite an
awkward relationship as the URL spec makes use of AO's from what is
defined in the HTML spec.

To simplify this factoring, relocate Origin into LibURL.

											
										
										
											2024-10-05 15:33:34 +13:00
+								Decision AutoplayAllowlist::is_allowed_for_origin(DOM::Document const& document, URL::Origin const& origin) const
-												LibWeb+LibWebView+WebContent: Add APIs to manage an autoplay allowlist

The spec defines a Permissions Policy to control some browser behaviors
on a per-origin basis. Management of these permissions live in their own
spec: https://w3c.github.io/webappsec-permissions-policy/

This implements a somewhat ad-hoc Permissions Policy for autoplaying
media elements. We will need to implement the entire policy spec for
this to be more general.

											
										
										
											2023-04-17 13:21:19 -04:00
+								{
 								    // FIXME: 1. Let policy be document’s Permissions Policy
 								    // FIXME: 2. If policy’s inherited policy for feature is Disabled, return "Disabled".
 								    // 3. If feature is present in policy’s declared policy:
 								    if (m_allowlist.has_value()) {
 								        // 1. If the allowlist for feature in policy’s declared policy matches origin, then return "Enabled".
 								        // 2. Otherwise return "Disabled".
 								        return m_allowlist->visit(
 								            [](Global) {
 								                return Decision::Enabled;
 								            },
 								            [&](auto const& patterns) {
 								                for (auto const& pattern : patterns) {
 								                    if (pattern.is_same_origin_domain(origin))
 								                        return Decision::Enabled;
 								                }
 								                return Decision::Disabled;
 								            });
 								    }
 								    // 4. If feature’s default allowlist is *, return "Enabled".
 								    // 5. If feature’s default allowlist is 'self', and origin is same origin with document’s origin, return "Enabled".
 								    // NOTE: The "autoplay" feature's default allowlist is 'self'.
 								    //       https://html.spec.whatwg.org/multipage/infrastructure.html#autoplay-feature
 								    if (origin.is_same_origin(document.origin()))
 								        return Decision::Enabled;
 								    // 6. Return "Disabled".
 								    return Decision::Disabled;
 								}
 								void AutoplayAllowlist::enable_globally()
 								{
 								    m_allowlist = Global {};
 								}
-												LibWeb: Remove OOM handling from the AutoplayAllowlist

											
										
										
											2025-03-29 08:54:51 -04:00
+								void AutoplayAllowlist::enable_for_origins(ReadonlySpan<String> origins)
-												LibWeb+LibWebView+WebContent: Add APIs to manage an autoplay allowlist

The spec defines a Permissions Policy to control some browser behaviors
on a per-origin basis. Management of these permissions live in their own
spec: https://w3c.github.io/webappsec-permissions-policy/

This implements a somewhat ad-hoc Permissions Policy for autoplaying
media elements. We will need to implement the entire policy spec for
this to be more general.

											
										
										
											2023-04-17 13:21:19 -04:00
+								{
 								    m_allowlist = Patterns {};
 								    auto& allowlist = m_allowlist->get<Patterns>();
-												LibWeb: Remove OOM handling from the AutoplayAllowlist

											
										
										
											2025-03-29 08:54:51 -04:00
+								    allowlist.ensure_capacity(origins.size());
-												LibWeb+LibWebView+WebContent: Add APIs to manage an autoplay allowlist

The spec defines a Permissions Policy to control some browser behaviors
on a per-origin basis. Management of these permissions live in their own
spec: https://w3c.github.io/webappsec-permissions-policy/

This implements a somewhat ad-hoc Permissions Policy for autoplaying
media elements. We will need to implement the entire policy spec for
this to be more general.

											
										
										
											2023-04-17 13:21:19 -04:00
 								    for (auto const& origin : origins) {
-												Everywhere: Remove some use of the URL constructors

These make it too easy to construct an invalid URL, which makes it
difficult to remove the valid state of URL - which this API relies
on.

											
										
										
											2025-02-16 14:45:52 +13:00
+								        auto url = URL::Parser::basic_parse(origin);
-												LibWeb+LibWebView+WebContent: Add APIs to manage an autoplay allowlist

The spec defines a Permissions Policy to control some browser behaviors
on a per-origin basis. Management of these permissions live in their own
spec: https://w3c.github.io/webappsec-permissions-policy/

This implements a somewhat ad-hoc Permissions Policy for autoplaying
media elements. We will need to implement the entire policy spec for
this to be more general.

											
										
										
											2023-04-17 13:21:19 -04:00
-												Everywhere: Remove some use of the URL constructors

These make it too easy to construct an invalid URL, which makes it
difficult to remove the valid state of URL - which this API relies
on.

											
										
										
											2025-02-16 14:45:52 +13:00
+								        if (!url.has_value())
-												LibWeb: Remove OOM handling from the AutoplayAllowlist

											
										
										
											2025-03-29 08:54:51 -04:00
+								            url = URL::Parser::basic_parse(MUST(String::formatted("https://{}", origin)));
-												Everywhere: Remove some use of the URL constructors

These make it too easy to construct an invalid URL, which makes it
difficult to remove the valid state of URL - which this API relies
on.

											
										
										
											2025-02-16 14:45:52 +13:00
+								        if (!url.has_value()) {
-												LibWeb+LibWebView+WebContent: Add APIs to manage an autoplay allowlist

The spec defines a Permissions Policy to control some browser behaviors
on a per-origin basis. Management of these permissions live in their own
spec: https://w3c.github.io/webappsec-permissions-policy/

This implements a somewhat ad-hoc Permissions Policy for autoplaying
media elements. We will need to implement the entire policy spec for
this to be more general.

											
										
										
											2023-04-17 13:21:19 -04:00
+								            dbgln("Invalid origin for autoplay allowlist: {}", origin);
 								            continue;
 								        }
-												LibWeb: Remove OOM handling from the AutoplayAllowlist

											
										
										
											2025-03-29 08:54:51 -04:00
+								        allowlist.append(url->origin());
-												LibWeb+LibWebView+WebContent: Add APIs to manage an autoplay allowlist

The spec defines a Permissions Policy to control some browser behaviors
on a per-origin basis. Management of these permissions live in their own
spec: https://w3c.github.io/webappsec-permissions-policy/

This implements a somewhat ad-hoc Permissions Policy for autoplaying
media elements. We will need to implement the entire policy spec for
this to be more general.

											
										
										
											2023-04-17 13:21:19 -04:00
+								    }
 								}
 								}