Disable prompting in third parties

[annevk]

In Firefox we disabled the capability for a third-party to prompt for the persistent storage permission.

Doing this helps with https://privacycg.github.io/storage-partitioning/ and also helps reduce the number of prompts where the third-party is shown.

(Delegation through the allow="" attribute does not work, unless we reinterpret that as the first-party sharing its storage area, but that should probably be its own issue if there's interest in that kind of thing.)

This would be easy to add by adding a check for origin != top-level origin in the relevant places. Is there interest from Chrome?

cc @inexorabletash

[inexorabletash]

Sounds good to me.

[pwnall]

Just to clarify, not being able to prompt means that calling navigator.storage.persist() would return true if the origin already has persistent storage, and false otherwise?

I'm asking because there's an interpretation where navigator.storage.persist() is what does the prompting, and maybe this suggestion is about having the function reject in third-party contexts.

As far as I know, Chrome never prompts for persistent storage. If the first interpretation is the valid one, this would be a no-op for us today.

Looking towards the future, I think we're generally very supportive of not allowing code in third-party frames to show permission prompts.

[annevk]

I guess what I'm really after is that a third-party that has never been visited as a first-party cannot get a hold of this capability.

@jyasskin I guess what I need here is a way to do

Let permission be the result of requesting permission to use "persistent-storage".

while returning false if the current state is "prompt".

I guess I could do what the first step of that algorithm does, but it isn't really scoped to anything. Hmm.