Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Viewer: cleanup definitions of embedded and iframed. Enable web view handshake #3162

Merged
merged 3 commits into from
May 10, 2016
Merged

Viewer: cleanup definitions of embedded and iframed. Enable web view handshake #3162

merged 3 commits into from
May 10, 2016

Conversation

dvoytenko
Copy link
Contributor

Closes #3117.

@dvoytenko
Copy link
Contributor Author

/cc @ericfs

cramforce
cramforce reviewed May 9, 2016
View reviewed changes
src/service/viewer-impl.js
* method.
* @private @const {boolean}
*/
this.isEmbedded_ = this.isIframed_ || !!this.params_['origin'];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using origin here seems a bit unintuitive. Maybe call a method like isNativeEmbedder?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cramforce Sorry, do you mean add a "isNativeEmbedder" parameter?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, I meant to add a method of that name that does whatever work it needs to do. I don't really see how it follows out of the origin being present.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll just add a new parameter then. We discussed with @ericfs that it might be better anyway.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any type of trust implied? What is the consequence of being embedded?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added webview=1 param.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently, the consequence of being embedded is a trusted mode. Not much constraints we can reliably apply given that web view allows arbitrary script injection. We're currently going through security review with this. I can add an experiment if you'd like. But, again, the protection from it will be minimal.

@ericfs
Copy link

ericfs commented May 9, 2016

Thanks!

@cramforce
Copy link
Member

LGTM

@dvoytenko dvoytenko merged commit 3545bd4 into ampproject:master May 10, 2016
@dvoytenko dvoytenko deleted the viewer6 branch May 10, 2016 00:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@cramforce cramforce

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dvoytenko @ericfs @cramforce