Remove modification of document.requestStorageAccess algorithm #34

Open: wants to merge 2 commits into base: main
45 changes: 34 additions & 11 deletions index.bs
Expand Up @@ -154,9 +154,30 @@ To <dfn>determine if a request has top-level storage access</dfn> with [=request

</div>

<h2 id="changes-to-permissions">Changes to Permissions</h2>

In [=specifies a powerful feature|specifying a powerful feature=], add the following algorithm:

<dl>
<dt>
A <dfn data-dfn-for="powerful feature" class="export">permission granted algorithm</dfn>:
</dt>
<dd>
Takes a [=permission key=]. Updates any other parts of the implementation that need to be kept in sync with changes in the results of [=permission states=] or [=extra permission data=].

If unspecified, this defaults to be a no-op.
</dd>
</dl>

When [=requesting permission to use=] "<a permission><code>top-level-storage-access</code></a>", replace step 6 ("Queue a task...") with the following steps:

1. [=Queue a task=] on the [=current settings object=]'s [=responsible event loop=] to run the following steps:
1. [=Set a permission store entry=] with <var ignore>descriptor</var>, <var ignore>key</var>, and |current state|.
1. If |current state| is "[=permission/granted=]", run the [=permission granted algorithm=].

<h2 id="permissions-integration">Permissions Integration</h2>

The requestStorageAccessFor API defines a [=powerful feature=] identified by the [=powerful feature/name=] "<dfn export permission><code>top-level-storage-access</code></dfn>". It defines the following permission-related algorithms:
The requestStorageAccessFor API defines a [=powerful feature=] identified by the [=powerful feature/name=] "<dfn permission><code>top-level-storage-access</code></dfn>". It defines the following permission-related algorithms:

<dl>
<dt>{{PermissionDescriptor}}</dt>
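Review bot: the last replacement step, "If |current state| is "[=permission/granted=]", run the [=permission granted algorithm=]", names neither the feature whose algorithm runs nor its argument, although the definition added just above says the algorithm "Takes a [=permission key=]". Suggest wording it as running the [=powerful feature/permission granted algorithm=] of the descriptor's feature given <var ignore>key</var>, so the hook is always invoked with the same key that was just written to the permission store. It is also worth stating why the replacement of step 6 is limited to "top-level-storage-access" when the hook itself is defined for every powerful feature.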
Expand Down Expand Up @@ -206,6 +227,17 @@ The requestStorageAccessFor API defines a [=powerful feature=] identified by the
1. If |key1| is null or |key2| is null, return false.
1. Return |key1| is [=same site=] with |key2|.

</div>
</dd>
<dt>[=powerful feature/permission granted algorithm=]</dt>
<dd>
<div algorithm='top-level-storage-access-granted-algorithm'>
When permission to use the "<a permission><code>top-level-storage-access</code></a>" feature has been granted for [=permission key=] |key|, run the following steps:
1. If |key| is null, return.
1. Let |descriptor| be a {{PermissionDescriptor}} with name "<a permission><code>storage-access</code></a>".
1. [=Set a permission store entry=] with |descriptor|, |key|, and "[=permission/granted=]".
1. Run the [=permission granted algorithm=] for the "<a permission><code>storage-access</code></a>" feature.

</div>
</dd>
</dl>
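Review bot: step 3 of the granted algorithm writes a "storage-access" store entry under the |key| that was computed for "top-level-storage-access", and nothing in these steps states that the two features share a permission key format. Because the key comparison just above matches on [=same site=], a mismatch would change the scope of the implicit grant, so either add a step that derives the "storage-access" key from |key| or add a note that the two keys are identical by construction. Step 4 should also pass |key| when it runs the "storage-access" granted algorithm.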
Expand All @@ -229,18 +261,9 @@ In [=http network or cache fetch=], when determining whether to block cookies, r
<h2 id="storage-access-api-integration">Storage Access API Integration</h2>

Note: even after a successful {{Document/requestStorageAccessFor(requestedOrigin)}} call, frames have to explicitly invoke {{Document/requestStorageAccess()}} for cookie access.
This modification allows {{Document/requestStorageAccessFor(requestedOrigin)}} to allow resolution of {{Document/requestStorageAccess()}} calls similarly to a prior successful {{Document/requestStorageAccess()}} grant.

<div algorithm='storage-access-policy-modification'>
Modify {{Document/requestStorageAccess()}} to insert the following steps before step 13.4 (i.e. before checking transient activation):

1. Let |settings| be <var ignore>doc</var>'s [=relevant settings object=].
1. Let |origin| be |settings|' [=environment settings object/origin=].
1. Let |descriptor| be a newly created {{TopLevelStorageAccessPermissionDescriptor}} with {{PermissionDescriptor/name}} set to "<a permission><code>top-level-storage-access</code></a>" and with {{TopLevelStorageAccessPermissionDescriptor/requestedOrigin}} set to |origin|.
1. If |descriptor|'s [=permission state=] is [=permission/granted=], [=queue a global task=] on the [=permissions task source=] given |global| to [=resolve=] |p|, and return.
1. If |descriptor|'s [=permission state=] is [=permission/denied=], [=queue a global task=] on the [=permissions task source=] given |global| to [=reject=] |p| with a "{{NotAllowedError}}" {{DOMException}}, and return.
As noted above, user agents may choose to grant the corresponding `storage-access` permission when granting `top-level-storage-access` permission.

</div>

<h2 id="privacy">Privacy considerations</h2>
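Review bot: the sentence "As noted above, user agents may choose to grant the corresponding `storage-access` permission" does not match the rest of the patch: the granted algorithm for "top-level-storage-access" sets the "storage-access" store entry unconditionally, and no earlier text visible here says "may". Either make that algorithm step optional or state the grant here as required, and use the <a permission> linking markup for the two permission names instead of backticks, as the rest of the file does. The steps shown in this section for the [=permission/denied=] state (rejecting with "{{NotAllowedError}}") have no counterpart in the granted algorithm, so the text should say whether a denied "top-level-storage-access" state is still meant to affect {{Document/requestStorageAccess()}}.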
