Let document.hasStorageAccess check whether the Document already has unpartitioned data access #174

Merged
merged 21 commits into from
Aug 21, 2023
11 changes: 8 additions & 3 deletions storage-access.bs
Expand Up @@ -129,6 +129,8 @@ A {{Document}} is in a <dfn>first-party-site context</dfn> if it is the [=active

A {{Document}} is in a <dfn>third party context</dfn> if it is not in a [=first-party-site context=].

<dfn>Global user settings</dfn> are user agent settings that can be modified by users.

<h3 id="ua-state">Changes to user agent state related to storage access</h3>

Modify the definition of [=environment=] in the following manner:
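
Review bot: The new <dfn>Global user settings</dfn> definition is too broad for the check that relies on it. "User agent settings that can be modified by users" covers every preference, while the hasStorageAccess() step added later in this patch only needs the settings that decide whether a document may access [=unpartitioned data=]. Consider scoping the definition to those settings so that implementations agree on which ones are in scope.
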
Expand Down Expand Up @@ -162,7 +164,10 @@ When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>ha

ISSUE: "same authority" here is a placeholder for a future concept that allows user agents to perform [=same site=] checks while adhering to additional security aspects such as the presence of a cross-site parent document, see [whatwg/storage#142](https://github.com/whatwg/storage/issues/142#issuecomment-1122147159). In practice, this might involve comparing the [=site for cookies=] or performing a [=same site=] check with the top-level document.

1. [=Queue a global task=] on the [=permissions task source=] given |global| to [=/resolve=] |p| with |global|'s [=environment/has storage access=].
1. If |global|'s [=environment/has storage access=] is true, [=/resolve=] |p| with true and return |p|.
1. Run the following steps [=in parallel=]:
1. Let |has unpartitioned data access| be the result of whether the user agent allows |doc| access [=unpartitioned data=] based on [=global user settings=].
1. [=Queue a global task=] on the [=permissions task source=] given |global| to [=/resolve=] |p| with |has unpartitioned data access|.
1. Return |p|.

When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>requestStorageAccess()</code></dfn> method must run these steps:
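
Review bot: The added step "Let |has unpartitioned data access| be the result of whether the user agent allows |doc| access [=unpartitioned data=] based on [=global user settings=]" lets hasStorageAccess() report a value derived from a user-controlled setting to the calling document, so it deserves a NOTE explaining why exposing that bit is acceptable. The wording also needs tightening, for example "be whether the user agent allows |doc| to access [=unpartitioned data=]". Separately, the new early-return step resolves |p| directly, while the replaced step and the new final step queue a global task on the [=permissions task source=]; resolving the same way on both paths would keep the timing consistent.
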
Expand All @@ -185,7 +190,7 @@ When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>re
NOTE: This check is [=same site=] on purpose, to allow embedded sites to use `requestStorageAccess()` to opt into storage access without involvement from the end user in scenarios where storage access is restricted for security and not privacy purposes.

1. If |doc|'s [=active sandboxing flag set=] has its [=sandbox storage access by user activation flag=] set, [=/reject=] |p| with a "{{NotAllowedError}}" {{DOMException}} and return |p|.
1. If |global|'s [=environment/has storage access=] is true, [=/resolve=] |p| with {{undefined}} and return.
1. If |global|'s [=environment/has storage access=] is true, [=/resolve=] and return |p|.
1. Let |has transient activation| be whether |doc|'s {{Window}} object has [=transient activation=].
1. Run the following steps [=in parallel=]:
1. Let |process permission state| be an algorithm that, given a [=permission state=] |state|, runs the following steps:
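
Review bot: The rewritten early-return step "[=/resolve=] and return |p|" no longer says which promise is resolved or with what value. The old line had the opposite gap (it resolved |p| with {{undefined}} but returned nothing), so the step should carry both parts: "[=/resolve=] |p| with {{undefined}} and return |p|".
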
Expand Down Expand Up @@ -442,4 +447,4 @@ Zach Edwards,
and everyone who commented on [whatwg/html#3338](https://github.com/whatwg/html/issues/3338), [privacycg/proposals#2](https://github.com/privacycg/proposals/issues/2), and [privacycg/storage-access/issues](https://github.com/privacycg/storage-access/issues)
for their feedback on this proposal.

Thanks to the [WebKit Open Source Project](https://webkit.org/) for allowing us to use the [Storage Access API Prompt](#example-prompt) image, which was [originally published on webkit.org](https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/).
Thanks to the [WebKit Open Source Project](https://webkit.org/) for allowing us to use the [Storage Access API Prompt](#example-prompt) image, which was [originally published on webkit.org](https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/).
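
Review bot: The final "Thanks to the [WebKit Open Source Project]" line is removed and re-added with no visible textual difference, which suggests a whitespace or end-of-file newline change. If that is unintended, drop it from the patch so the diff carries only the hasStorageAccess() and requestStorageAccess() changes.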