-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restrict usage to within a secure context. #132
Conversation
Okay, so the idea is that we continue to expose the API everywhere, but we require a secure context as one of the conditions for a successful invocation. It would be good to have test coverage for this. I also wonder if there are usage numbers. |
I think it is worth adding this constraint, even if there is some usage in non-secure contexts. We should sort out #134 first, though, and that is likely to cause merge conflicts I also think this check should be further up the initial checks here, before the top-level test. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with Ben that we should move this check up, to reject in all cases, even on (insecure) top-level documents, out of consistency (though this is a weakly held opinion, happy to change my mind if there's a good reason to do it differently).
(added Firefox as interested in the PR description @bvandersloot-mozilla, lmk if that's inaccurate) |
That is accurate. I would have added it myself if I had permission... |
Thanks for the comments - done, moved the secure context check higher up. Re: tests, happy to add those; just wanted to verify that there was consensus on this first. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you Chris, this seems fine to me. Let's add tests and file bugs for implementors.
This corresponds to the spec change introduced by privacycg/storage-access#132. This also adds cfredric as a suggested_reviewer for this directory. Change-Id: I63d0f15ea53f1aea6a2746cd94f4a0c6434b9d86
This corresponds to the spec change introduced by privacycg/storage-access#132. This also adds cfredric as a suggested_reviewer for this directory. Change-Id: I63d0f15ea53f1aea6a2746cd94f4a0c6434b9d86
I've opened bugs for the major implementors (listed in the description above), and have an in-progress CL adding some WPT for this (https://crrev.com/c/3991336). |
This corresponds to the spec change introduced by privacycg/storage-access#132. This also adds cfredric as a suggested_reviewer for this directory. Bug: 1380155 Change-Id: I63d0f15ea53f1aea6a2746cd94f4a0c6434b9d86
This corresponds to the spec change introduced by privacycg/storage-access#132. This also adds cfredric as a suggested_reviewer for this directory. Bug: 1380155 Change-Id: I63d0f15ea53f1aea6a2746cd94f4a0c6434b9d86
This corresponds to the spec change introduced by privacycg/storage-access#132. This also adds cfredric as a suggested_reviewer for this directory. Bug: 1380155, 989663 Change-Id: I63d0f15ea53f1aea6a2746cd94f4a0c6434b9d86
This corresponds to the spec change introduced by privacycg/storage-access#132. This also adds cfredric as a suggested_reviewer for this directory. Bug: 1380155, 989663 Change-Id: I63d0f15ea53f1aea6a2746cd94f4a0c6434b9d86
Thanks Chris, I think per our checklist this is fine to merge, then. |
This corresponds to the spec change introduced by privacycg/storage-access#132. This also adds cfredric as a suggested_reviewer for this directory. Bug: 1380155, 989663 Change-Id: I63d0f15ea53f1aea6a2746cd94f4a0c6434b9d86
This corresponds to the spec change introduced by privacycg/storage-access#132. This also adds cfredric as a suggested_reviewer for this directory. Bug: 1380155, 989663 Change-Id: I63d0f15ea53f1aea6a2746cd94f4a0c6434b9d86 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3991336 Reviewed-by: Johann Hofmann <johannhof@chromium.org> Reviewed-by: Mason Freed <masonf@chromium.org> Commit-Queue: Chris Fredrickson <cfredric@chromium.org> Cr-Commit-Position: refs/heads/main@{#1068742}
This corresponds to the spec change introduced by privacycg/storage-access#132. This also adds cfredric as a suggested_reviewer for this directory. Bug: 1380155, 989663 Change-Id: I63d0f15ea53f1aea6a2746cd94f4a0c6434b9d86 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3991336 Reviewed-by: Johann Hofmann <johannhof@chromium.org> Reviewed-by: Mason Freed <masonf@chromium.org> Commit-Queue: Chris Fredrickson <cfredric@chromium.org> Cr-Commit-Position: refs/heads/main@{#1068742}
This corresponds to the spec change introduced by privacycg/storage-access#132. This also adds cfredric as a suggested_reviewer for this directory. Bug: 1380155, 989663 Change-Id: I63d0f15ea53f1aea6a2746cd94f4a0c6434b9d86 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3991336 Reviewed-by: Johann Hofmann <johannhof@chromium.org> Reviewed-by: Mason Freed <masonf@chromium.org> Commit-Queue: Chris Fredrickson <cfredric@chromium.org> Cr-Commit-Position: refs/heads/main@{#1068742}
…ecure contexts., a=testonly Automatic update from web-platform-tests Disallow Storage Access API calls in insecure contexts. This corresponds to the spec change introduced by privacycg/storage-access#132. This also adds cfredric as a suggested_reviewer for this directory. Bug: 1380155, 989663 Change-Id: I63d0f15ea53f1aea6a2746cd94f4a0c6434b9d86 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3991336 Reviewed-by: Johann Hofmann <johannhof@chromium.org> Reviewed-by: Mason Freed <masonf@chromium.org> Commit-Queue: Chris Fredrickson <cfredric@chromium.org> Cr-Commit-Position: refs/heads/main@{#1068742} -- wpt-commits: f9d5e9475ede2e2d0b0410c55c4b8618d7a4d9ef wpt-pr: 36743
…ecure contexts., a=testonly Automatic update from web-platform-tests Disallow Storage Access API calls in insecure contexts. This corresponds to the spec change introduced by privacycg/storage-access#132. This also adds cfredric as a suggested_reviewer for this directory. Bug: 1380155, 989663 Change-Id: I63d0f15ea53f1aea6a2746cd94f4a0c6434b9d86 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3991336 Reviewed-by: Johann Hofmann <johannhof@chromium.org> Reviewed-by: Mason Freed <masonf@chromium.org> Commit-Queue: Chris Fredrickson <cfredric@chromium.org> Cr-Commit-Position: refs/heads/main@{#1068742} -- wpt-commits: f9d5e9475ede2e2d0b0410c55c4b8618d7a4d9ef wpt-pr: 36743
As a user, I strongly disagree to restrict this (and many other) JS APIs to particular context (call it "secure").
If I have HTTP website (which is perfectly fine in a lot of scenarios), I still expect to rely on a consistent and predictable Javascript engine ; not a freeware/demo/toy-version because, well, someone thought you mustn't use HTTP and found a way to force HTTPS upon you. This specification (and browsers implementing it) are exceeding a role that falls on developers themselves: They are the ultimate authority about what they do with a language. And users can already choose not to browse HTTP (whose access has already been made de-incentivized). No one restricted If LetsEncrypt wouldn't be the free worldwide provider of "secure context", I'd question the sincerity of this move, the underlying motivation and possible economic incentive. I request storage (and crypto) API to stay out of this ES-for-kid/DRMized-JS specification project. (Anyone from @tc39 could come here and see what's being done to our programming language?) |
Hi @drzraf, this API defines requirements for browsers to safely allow embedded sites access to cross-site information. In the vast majority of cases this cross-site information contains user identifiers or session data that could be abused by an attacker on an insecure network. Therefore it is restricted to a secure context. What constitutes a secure context and how to improve developer ergonomics should be (politely) discussed at https://github.com/w3c/webappsec-secure-contexts or in individual bugs filed with browser engines. Thanks! |
This PR restricts usage of the API to within a secure context, and closes #125. As the Storage Access API is intended to address authenticated embeds while protecting user privacy, this change is not expected to be controversial.
(See WHATWG Working Mode: Changes for more details.)
Preview | Diff