Spec partition nonce functionality #149

Open
wants to merge 8 commits into
base: master
Changes from 4 commits
69 changes: 69 additions & 0 deletions spec.bs
Expand Up @@ -74,6 +74,19 @@ spec: url; for:/; type: dfn; text: url
"deliveredBy": [
"https://wicg.io/"
]
},
"iframe-credentialless": {
"authors": [
"Arthur Sonzogni",
"Camille Lamy"
],
"href": "https://wicg.github.io/anonymous-iframe/",
"title": "Iframe credentialless",
"status": "CG-DRAFT",
"publisher": "WICG",
"deliveredBy": [
"https://wicg.io/"
]
}
}
</pre>
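Review bot: The `href` of the new `iframe-credentialless` biblio entry still points at the repository's old path (`https://wicg.github.io/anonymous-iframe/`) while the `title` uses the new name "Iframe credentialless"; this URL is what Bikeshed emits for every [[!IFRAME-CREDENTIALLESS]] citation and it must agree with the `urlPrefix` used for that spec's anchors later in this file, so confirm it is the canonical location (or update both) so the normative reference does not go stale after the rename.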
Expand Down Expand Up @@ -134,6 +147,7 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
urlPrefix: browsing-the-web.html
text: create and initialize a Document object; url: initialise-the-document-object
text: create navigation params by fetching; url: create-navigation-params-by-fetching
text: process a navigate fetch; url: process-a-navigate-fetch
text: document state; url: she-document-state
text: historyHandling; url: navigation-hh
text: referrerPolicy; url: navigation-referrer-policy
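Review bot: The added `text: process a navigate fetch; url: process-a-navigate-fetch` sits directly under the existing `create navigation params by fetching` entry, which is the name HTML gave that algorithm when it was renamed; if `#process-a-navigate-fetch` no longer exists in `browsing-the-web.html`, the anchor silently produces a dead link at build time. Decide whether this is meant to reference HTML's current algorithm (then reuse `create navigation params by fetching`) or the step that the Iframe credentialless spec's own monkeypatch names "process a navigate fetch" (then the anchor should point at that spec, not HTML).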
Expand Down Expand Up @@ -204,6 +218,8 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
text: fire a click event; url: fire-a-click-event
urlPrefix: urls-and-fetching.html
text: about:srcdoc; url: about:srcdoc
urlPrefix: document-lifestyle.html
text: initialize the document object; url: initialise-the-document-object
spec: fetch; urlPrefix: https://fetch.spec.whatwg.org/
type: dfn
text: queue a cross-origin embedder policy CORP violation report; url: queue-a-cross-origin-embedder-policy-corp-violation-report
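Review bot: `urlPrefix: document-lifestyle.html` looks like a typo for `document-lifecycle.html`, the HTML multipage file that contains `#initialise-the-document-object`; with the wrong prefix the generated link 404s. Note also that `initialise-the-document-object` is already anchored under `browsing-the-web.html` as `create and initialize a Document object` earlier in this file, so two entries now reach the same definition through different paths; keep a single prefix for it.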
Expand Down Expand Up @@ -254,6 +270,9 @@ spec: attribution-reporting; urlPrefix: https://wicg.github.io/attribution-repor
spec: turtledove; urlPrefix: https://wicg.github.io/turtledove/
type: dfn
text: construct a pending fenced frame config; url: construct-a-pending-fenced-frame-config
spec: iframe-credentialless; urlPrefix: https://wicg.github.io/anonymous-iframe/
type: dfn
text: credentialless; url: navigation-params-credentialless
</pre>

<style>
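Review bot: The `credentialless` anchor (`url: navigation-params-credentialless`) carries no `for:` qualifier, so `[=credentialless=]` becomes an unscoped term that collides with the bare word "credentialless", which this section also uses as a variable name and as the general concept. Since the target is a field of navigation params, declare it `for: navigation params` and link it as `[=navigation params/credentialless=]`, matching how `[=navigation params/fenced frame config instance=]` is already linked in the initialize-the-document-object patch.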
Expand Down Expand Up @@ -3291,6 +3310,56 @@ at the expense of some utility.
</wpt>
</div>

<h3 id=credentialless-monkeypatch>Iframe credentialless</h3>

The [[!IFRAME-CREDENTIALLESS]] specification defines a new object, the
[=page credentialless nonce=]. At a high level, the
[=fenced frame config instance/partition nonce=] serves the same purpose as the
[=page credentialless nonce=] (partitioning storage and network), but scoped to each fenced
frame rather than to each credentialless iframe. The
[=fenced frame config instance/partition nonce=] is also used to revoke network access in fenced
frames. Perform the following monkeypatches to the [[!IFRAME-CREDENTIALLESS]] spec.

Add the following algorithm:

<div algorithm>
To <dfn for="browsing context">compute the effective partition nonce</dfn> given a
boolean |credentialless| and [=fenced frame config instance/partition nonce=] or null
|newFencedFrameNonce|:

1. If |credentialless| is true, return |this|'s [=top-level browsing context=]'s
Collaborator


credentialless => isCredentialless

Collaborator Author


I can't really change this, since it corresponds to an exposed IDL attribute.
https://wicg.github.io/anonymous-iframe/#spec-window-attribute

Collaborator


Well where are you getting |credentialless| from then? It's not just a global variable is it?

Collaborator Author

@gtanzer gtanzer Jul 17, 2024


It's a local variable, but I meant it would be weird to call it something else when it corresponds exactly to this preexisting field, and the same name is used throughout the Iframe credentialless spec.

Collaborator


Where is this local variable defined? Sorry I don't think I'm getting it.

Collaborator Author

@gtanzer gtanzer Aug 19, 2024


Oh, I misread this. I didn't mean to name the variable isCredentialless above in the declaration. The iframe credentialless spec refers to this kind of variable as credentialless throughout, so it would be inconsistent naming to use isCredentialless here. Changed the declaration back to credentialless to match.

Collaborator


So @VergeA what's the verdict here? Should we have a "credentialless" variable in the algorithm declaration? Does everything look good enough here to resolve?

Collaborator

@VergeA VergeA Nov 22, 2024


Yes, I believe the "credentialless" variable needs to be declared. Reasoning:

  • The "process a navigate fetch" algorithm below already has a "credentialless" variable
  • The "initialize a document object" algorithm below also already has a "credentialless" variable

Without it, we don't know whether the partition nonce should come from the credentialless iframe or the fenced frame.

Given that the algorithm here declares |credentialless| as a local variable, and the below algorithms invoke it correctly, this seems fine to me to resolve.

(going to resolve all the other comments before I re-request a review, just need to get this one out of my brain.)

[=page credentialless nonce=].

1. If |newFencedFrameNonce| is not null, return |newFencedFrameNonce|.

1. Let |instance| be |this|'s [=browsing context/fenced frame config instance=].

1. If |instance| is null, return null.

1. Return |instance|'s [=fenced frame config instance/partition nonce=].
</div>

<div algorithm="process a navigate fetch">
Modify the step added to [=process a navigate fetch=] to read:

13. Let <var ignore>partitionNonce</var> be the result of
[=browsing context/computing the effective partition nonce=] on
<var ignore>browsingContext</var> given <var ignore>credentialless</var> and
<var ignore>sourceSnapshotParams</var>'s
[=source snapshot params/target fenced frame config=].
</div>

<div algorithm="initialize the document object">
Modify the step added to [=initialize the document object=] to read:

6.9. Let <var ignore>partitionNonce</var> be the result of
[=browsing context/computing the effective partition nonce=] on
<var ignore>browsingContext</var> given |navigationParams|'s [=credentialless=] and null if
|navigationParams|'s [=navigation params/fenced frame config instance=] is null else
|navigationParams|'s [=navigation params/fenced frame config instance=]'s
[=fenced frame config instance/partition nonce=].
</div>

<h2 id=security-and-privacy>Security & Privacy Considerations</h2>

This material is being upstreamed from our explainer into this specification, and in the meantime
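Review bot: In the `process a navigate fetch` patch (step 13), the second argument handed to `computing the effective partition nonce` is `sourceSnapshotParams`'s target fenced frame config, but the algorithm declares that parameter as "[=fenced frame config instance/partition nonce=] or null", and the `initialize the document object` patch (step 6.9) does pass a nonce extracted from the config instance; step 13 should likewise pass the partition nonce derived from that config (or null when there is no target config), otherwise step 2's `is not null` check returns a config object where a nonce is expected. Separately, step 1 returns the page credentialless nonce before the fenced-frame steps run, so a credentialless iframe nested inside a fenced frame would be partitioned under the page nonce rather than the fenced frame's partition nonce; since the introduction says that nonce is also what revokes network access in fenced frames, the text should state whether such an iframe is meant to keep the fenced frame's nonce (and its revocation), or note that the nesting is ruled out elsewhere.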