From 287393641841a61bf69a5f8594be0e19cd8782c3 Mon Sep 17 00:00:00 2001 From: Kenneth Rohde Christiansen Date: Thu, 19 Oct 2023 16:48:08 +0200 Subject: [PATCH] Require all owning documents to have permission policy enabled (#239) * Require all owning documents to have permission policy enabled Co-authored-by: Raphael Kubo da Costa --- index.html | 84 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 58 insertions(+), 26 deletions(-) diff --git a/index.html b/index.html index 765516e..fedc478 100644 --- a/index.html +++ b/index.html @@ -283,6 +283,28 @@

identified by the token "compute-pressure". Its [=policy-controlled feature/default allowlist=] is `["self"]`.

+

+ Workers (dedicated and shared) adhere to the permission policy set by their + owning document(s). +

+

+ Shared workers often have multiple owning documents as they can be obtained + by other documents with the [=same origin=]. + + In this case, all owning documents must be [=allowed to use=] the [=policy-controlled + feature=] defined by this specification. +

+

+ Dedicated workers can be created from other workers, + in which case the permission policy of the first owning document + (or owning documents, in case of a shared worker) up the owner + chain will be used. +

+

- To determine the owning global object set for a {{WorkerGlobalScope}} |workerGlobalScope|: + To determine the owning document set for a [=relevant global object=] |relevantGlobal|:

  1. - Let |owningGlobalObjectSet| be an empty [=set=]. + Let |owningDocumentSet| be an empty [=set=]. +
  2. +
  3. + If |relevantGlobal| is {{Window}}, then [=set/append=] |relevantGlobal|'s [=associated document=] to |owningDocumentSet|.
  4. - [=list/For each=] |owner| in |workerGlobalScope|'s [=WorkerGlobalScope/owner set=]: + Otherwise, [=list/for each=] |owner| in {{WorkerGlobalScope}} |relevantGlobal|'s [=WorkerGlobalScope/owner set=]:
    1. - If |owner| is a {{Document}}, then [=set/append=] |owner|'s [=relevant global object=] to |owningGlobalObjectSet|. + If |owner| is a {{Document}}, then [=set/append=] |owner| to |owningDocumentSet|.
    2. - If |owner| is a {{WorkerGlobalScope}}, set |owningGlobalObjectSet| to the [=set/union=] of - |owningGlobalObjectSet| and |owner|'s [=owning global object set=]. + If |owner| is a {{WorkerGlobalScope}}, set |owningDocumentSet| to the [=set/union=] of + |owningDocumentSet| and |owner|'s [=owning document set=].
  5. - Return |owningGlobalObjectSet|. + Return |owningDocumentSet|.

- The window has implicit focus steps given the argument [=relevant global object=] |relevantGlobal|, are as follows: + The document has implicit focus steps given the argument |document:Document|, are as follows:

  1. - Assert: |relevantGlobal| is a {{Window}} object. + If |document| is not [=Document/fully active=], return false.
  2. - If |relevantGlobal|'s [=associated document=] is not [=Document/fully active=], return false. + Let |relevantGlobal| be |document|'s [=relevant global object=].
  3. [=list/For each=] |origin| in @@ -964,19 +996,19 @@

    Supporting algorithms

    If |relevantGlobal| is a {{Window}} object:
    1. - Return the result of running [=window has implicit focus=] with |relevantGlobal|. + Return the result of running [=document has implicit focus=] with |relevantGlobal|'s [=associated Document=].
  4. If |relevantGlobal| is a {{WorkerGlobalScope}} object:
      -
    1. Let |owningGlobals| be |relevantGlobal|'s [=owning global object set=].
    2. +
    3. Let |owningDocuments| be |relevantGlobal|'s [=owning document set=].
    4. - [=list/For each=] |windowGlobal| in |owningGlobals|: + [=list/For each=] |document| in |owningDocuments|:
      1. - If the result of running [=window has implicit focus=] with |windowGlobal| is true, + If the result of running [=document has implicit focus=] with |document| is true, return true.
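Review bot: In the first hunk (@@ -283,6 +283,28 @@), the requirement that "all owning documents must be [=allowed to use=]" the feature appears only in the added worker prose. The new "owning document set" steps just collect documents and return |owningDocumentSet|; nothing in the visible lines runs the policy check over that set, and nothing says what happens when the set is empty (for example, an empty owner set), where an "all" check passes vacuously. Consider adding an explicit step at the point where the set is consumed, stating that an empty set or any |document| that is not [=allowed to use=] "compute-pressure" fails the check, with the failure outcome spelled out. Minor: "If |relevantGlobal| is {{Window}}" should read "is a {{Window}} object" to match the wording used for {{Document}} and {{WorkerGlobalScope}} in the following steps.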
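Review bot: In the second hunk (@@ -964,19 +996,19 @@), the {{WorkerGlobalScope}} branch returns true as soon as any one |document| in |owningDocuments| has implicit focus, whereas the permission policy prose added in the first hunk requires all owning documents to be allowed. The any-versus-all difference looks intentional but is not stated, so a one-line note next to the loop would keep readers and implementers from assuming both checks share the same quantifier. Also, the Window branch links [=associated Document=] with a capital D while the first hunk uses [=associated document=]; use one spelling so both references point at the same definition.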