Let document.hasStorageAccess check whether the Document already has unpartitioned data access
#174
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jun 13, 2023
This change is based on spec PR privacycg/storage-access#174. Bug: 1433013 Change-Id: I6c29b2a2afddb288d40d946040dc73fbe76b6fcb
annevk
reviewed
Jun 14, 2023
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jun 14, 2023
This change is based on spec PR privacycg/storage-access#174. Bug: 1433013 Change-Id: I6c29b2a2afddb288d40d946040dc73fbe76b6fcb
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jun 14, 2023
This change is based on spec PR privacycg/storage-access#174. Bug: 1433013 Change-Id: I6c29b2a2afddb288d40d946040dc73fbe76b6fcb
annevk
reviewed
Jun 15, 2023
There was a problem hiding this comment.
This looks better, but:
- The state you grab from the global you could grab directly in the steps of the task. With what you do now you look at a cached value, which I guess theoretically could have changed. If you meant to do that, a note would help.
- The user agent settings shouldn't be grabbed as part of the task steps. You want to grab them while in parallel.
- Is "unpartitioned data" correct? We're just dealing with cookies here, right?
|
Thanks! storage-access/storage-access.bs Line 114 in 69042e6 |
annevk
reviewed
Jun 15, 2023
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jun 15, 2023
…n hasStorageAccess() This change is based on spec PR privacycg/storage-access#174. Bug: 1433013 Change-Id: I6c29b2a2afddb288d40d946040dc73fbe76b6fcb
johannhof
reviewed
Jun 16, 2023
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jun 16, 2023
…n hasStorageAccess() This change is based on spec PR privacycg/storage-access#174. Bug: 1433013 Change-Id: I6c29b2a2afddb288d40d946040dc73fbe76b6fcb
This comment was marked as spam.
This comment was marked as spam.
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jun 23, 2023
This change is based on spec PR privacycg/storage-access#174. Bug: 1433013 Change-Id: I6c29b2a2afddb288d40d946040dc73fbe76b6fcb
aarongable
pushed a commit
to chromium/chromium
that referenced
this pull request
Jun 23, 2023
This change is based on spec PR privacycg/storage-access#174. Bug: 1433013 Change-Id: I6c29b2a2afddb288d40d946040dc73fbe76b6fcb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4611289 Reviewed-by: Mason Freed <masonf@chromium.org> Commit-Queue: Shuran Huang <shuuran@chromium.org> Reviewed-by: Chris Fredrickson <cfredric@chromium.org> Cr-Commit-Position: refs/heads/main@{#1161766}
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jun 23, 2023
This change is based on spec PR privacycg/storage-access#174. Bug: 1433013 Change-Id: I6c29b2a2afddb288d40d946040dc73fbe76b6fcb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4611289 Reviewed-by: Mason Freed <masonf@chromium.org> Commit-Queue: Shuran Huang <shuuran@chromium.org> Reviewed-by: Chris Fredrickson <cfredric@chromium.org> Cr-Commit-Position: refs/heads/main@{#1161766}
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jun 23, 2023
This change is based on spec PR privacycg/storage-access#174. Bug: 1433013 Change-Id: I6c29b2a2afddb288d40d946040dc73fbe76b6fcb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4611289 Reviewed-by: Mason Freed <masonf@chromium.org> Commit-Queue: Shuran Huang <shuuran@chromium.org> Reviewed-by: Chris Fredrickson <cfredric@chromium.org> Cr-Commit-Position: refs/heads/main@{#1161766}
johannhof
reviewed
Jun 29, 2023
Co-authored-by: Johann Hofmann <mail@johann-hofmann.com>
Co-authored-by: Johann Hofmann <mail@johann-hofmann.com>
Co-authored-by: Johann Hofmann <mail@johann-hofmann.com>
Co-authored-by: Johann Hofmann <mail@johann-hofmann.com>
Co-authored-by: Johann Hofmann <mail@johann-hofmann.com>
Co-authored-by: Johann Hofmann <mail@johann-hofmann.com>
johannhof
approved these changes
Jul 6, 2023
storage-access.bs
Outdated
|
|
||
| 1. If the user agent does not have explicit settings for unpartitioned cookie access for |tuple|, return "none". | ||
| 1. If the user agent's settings explicitly allow unpartitioned cookie access for |tuple|, return "allow". | ||
| 1. If the user agent's settings explicitly disallow unpartitioned cookie access for |tuple|, return "disallow". |
There was a problem hiding this comment.
I guess "disallow" is unused here now, but we might use it if we re-use this algorithm for rSA later?
There was a problem hiding this comment.
That's right. "disallow" is not checked here explicitly, but we can add
- If |explicitSetting| is "disallow", [=/resolve=] |p| with false.
if that's clearer/preferred.
There was a problem hiding this comment.
Hmm not sure, it seems unnecessary to add there. It's probably fine like this? Maybe @annevk has a preference...
There was a problem hiding this comment.
I'm somewhat surprised this has explicit "allow". I thought that was always subject to requestStorageAccess() for child frames?
There was a problem hiding this comment.
There are user agent settings that disable 3PC blocking (e.g. in Safari IIRC) or allow-list specific sites (e.g. in Firefox and Chrome), how else would we represent those?
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Jul 6, 2023
…y check in hasStorageAccess(), a=testonly Automatic update from web-platform-tests Include unpartitioned cookie availability check in hasStorageAccess() This change is based on spec PR privacycg/storage-access#174. Bug: 1433013 Change-Id: I6c29b2a2afddb288d40d946040dc73fbe76b6fcb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4611289 Reviewed-by: Mason Freed <masonf@chromium.org> Commit-Queue: Shuran Huang <shuuran@chromium.org> Reviewed-by: Chris Fredrickson <cfredric@chromium.org> Cr-Commit-Position: refs/heads/main@{#1161766} -- wpt-commits: 2cf035c769f58ead31c5c11c737b4b5c6e6aed88 wpt-pr: 40531
msizanoen1
pushed a commit
to qtmlabs/chromium
that referenced
this pull request
Jul 7, 2023
…rageAccess() This change is based on spec PR privacycg/storage-access#174. (cherry picked from commit 120b35b) Bug: 1433013 Change-Id: I6c29b2a2afddb288d40d946040dc73fbe76b6fcb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4611289 Reviewed-by: Mason Freed <masonf@chromium.org> Commit-Queue: Shuran Huang <shuuran@chromium.org> Reviewed-by: Chris Fredrickson <cfredric@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#1161766} Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4665808 Auto-Submit: Shuran Huang <shuuran@chromium.org> Reviewed-by: Dominic Farolino <dom@chromium.org> Commit-Queue: Dominic Farolino <dom@chromium.org> Cr-Commit-Position: refs/branch-heads/5845@{#322} Cr-Branched-From: 5a5dff6-refs/heads/main@{#1160321}
ErichDonGubler
pushed a commit
to ErichDonGubler/firefox
that referenced
this pull request
Jul 7, 2023
…y check in hasStorageAccess(), a=testonly Automatic update from web-platform-tests Include unpartitioned cookie availability check in hasStorageAccess() This change is based on spec PR privacycg/storage-access#174. Bug: 1433013 Change-Id: I6c29b2a2afddb288d40d946040dc73fbe76b6fcb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4611289 Reviewed-by: Mason Freed <masonf@chromium.org> Commit-Queue: Shuran Huang <shuuran@chromium.org> Reviewed-by: Chris Fredrickson <cfredric@chromium.org> Cr-Commit-Position: refs/heads/main@{#1161766} -- wpt-commits: 2cf035c769f58ead31c5c11c737b4b5c6e6aed88 wpt-pr: 40531
|
Friendly ping on this @annevk :) |
annevk
reviewed
Jul 12, 2023
storage-access.bs
Outdated
|
|
||
| 1. If the user agent does not have explicit settings for unpartitioned cookie access for |tuple|, return "none". | ||
| 1. If the user agent's settings explicitly allow unpartitioned cookie access for |tuple|, return "allow". | ||
| 1. If the user agent's settings explicitly disallow unpartitioned cookie access for |tuple|, return "disallow". |
There was a problem hiding this comment.
I'm somewhat surprised this has explicit "allow". I thought that was always subject to requestStorageAccess() for child frames?
Hmm I don't think that was an expectation on my end. I do see SAA primarily as a mechanism governing cross-site data access, not same-site (or same authority). FWIW I'd be okay with punting on a follow-up. |
|
@annevk PTAL the latest version. |
…hecked only if user settings do not explicitly allow/disallow
aarongable
pushed a commit
to chromium/chromium
that referenced
this pull request
Jul 24, 2023
Since we should always take user settings into account. This change is based on spec PR privacycg/storage-access#174. Bug: 1433013 Change-Id: I76a4fe5841c6ac1c566cbb2fa34298832a6f7da0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4705048 Reviewed-by: Johann Hofmann <johannhof@chromium.org> Reviewed-by: Chris Fredrickson <cfredric@chromium.org> Commit-Queue: Shuran Huang <shuuran@chromium.org> Reviewed-by: Dominic Farolino <dom@chromium.org> Cr-Commit-Position: refs/heads/main@{#1174378}
annevk
reviewed
Jul 25, 2023
| 1. If |explicitSetting| is "`disallow`", [=/resolve=] |p| with false. | ||
| 1. If |explicitSetting| is "`allow`", [=/resolve=] |p| with true. | ||
| 1. If |explicitSetting| is "`none`": | ||
| 1. If |browsingContext| is a [=top-level browsing context=], [=/resolve=] |p| with true. |
There was a problem hiding this comment.
I like this better. Does @johannhof agree with this change as well?
|
@annevk does it look good with your suggestions applied? |
|
@annevk Friendly ping:) |
|
In the interest of moving things along on our graduation goals, I'll go ahead and merge this without @annevk's explicit sign-off, as there's been plenty of review (and a final positive note). I hope that works for you, Anne. I think @shuranhuang is happy to correct any remaining concerns you may have in another PR. |
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commits tries to make hSA match the description in the spec that “This specification defines a method to query whether or not a Document currently has access to its unpartitioned data (hasStorageAccess()) …” by including a check of whether the user agent allows the
documentto access unpartitioned data based on user settings.Fixes #171
(See WHATWG Working Mode: Changes for more details.)
Preview | Diff