Spec partition nonce functionality #149
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -74,6 +74,19 @@ spec: url; for:/; type: dfn; text: url | |||||
| "deliveredBy": [ | ||||||
| "https://wicg.io/" | ||||||
| ] | ||||||
| }, | ||||||
| "iframe-credentialless": { | ||||||
| "authors": [ | ||||||
| "Arthur Sonzogni", | ||||||
| "Camille Lamy" | ||||||
| ], | ||||||
| "href": "https://wicg.github.io/anonymous-iframe/", | ||||||
| "title": "Iframe credentialless", | ||||||
| "status": "CG-DRAFT", | ||||||
| "publisher": "WICG", | ||||||
| "deliveredBy": [ | ||||||
| "https://wicg.io/" | ||||||
| ] | ||||||
| } | ||||||
| } | ||||||
| </pre> | ||||||
|
|
@@ -264,6 +277,10 @@ spec: attribution-reporting; urlPrefix: https://wicg.github.io/attribution-repor | |||||
| spec: turtledove; urlPrefix: https://wicg.github.io/turtledove/ | ||||||
| type: dfn | ||||||
| text: construct a pending fenced frame config; url: construct-a-pending-fenced-frame-config | ||||||
| spec: iframe-credentialless; urlPrefix: https://wicg.github.io/anonymous-iframe/ | ||||||
| type: dfn | ||||||
| for: navigation params | ||||||
| text: credentialless; url: navigation-params-credentialless | ||||||
| </pre> | ||||||
|
|
||||||
| <style> | ||||||
|
|
@@ -3990,6 +4007,55 @@ at the expense of some utility. | |||||
| </wpt> | ||||||
| </div> | ||||||
|
|
||||||
| <h3 id=credentialless-monkeypatch>Iframe credentialless</h3> | ||||||
|
|
||||||
| The [[!IFRAME-CREDENTIALLESS]] specification defines a new object, the [=page credentialless | ||||||
| nonce=]. At a high level, the [=fenced frame config instance/partition nonce=] serves the same | ||||||
| purpose as the [=page credentialless nonce=] (partitioning storage and network), but scoped to each | ||||||
| fenced frame rather than to each credentialless iframe. The [=fenced frame config instance/ | ||||||
| partition nonce=] is also used to revoke network access in fenced frames. Perform the following | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
| monkeypatches to the [[!IFRAME-CREDENTIALLESS]] spec. | ||||||
|
|
||||||
| Add the following algorithm: | ||||||
gtanzer marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
|
|
||||||
| <div algorithm> | ||||||
| To <dfn for="browsing context">compute the effective partition nonce</dfn> given a boolean | ||||||
| |credentialless| and [=fenced frame config instance/partition nonce=]-or-null | ||||||
| |newFencedFrameNonce|: | ||||||
|
|
||||||
| 1. If |credentialless| is true, return the associated [=browsing context=]'s [=top-level | ||||||
| browsing context=]'s [=page credentialless nonce=]. | ||||||
|
There was a problem hiding this comment. Note that the usage of "top-level browsing context" here will be fenced — is that intentional? That's because this specification does not override HTML's definition of top-level browsing context, which just iteratively reaches upward via the "parent" property, never the "unfenced parent" property. If you want the unfenced version, you'll need to grab a navigable's top-level traversable and get its browsing context and grab its page credentialless nonce. I just wanted to raise this in case it was unexpected. WDYT? It seems like this algorithm prefers:
Actually (3) above is a little confusing or surprising to me. Below on |
||||||
|
|
||||||
| 1. If |newFencedFrameNonce| is not null, return |newFencedFrameNonce|. | ||||||
|
|
||||||
| 1. Let |instance| be the associated [=browsing context=]'s [=browsing context/fenced frame | ||||||
| config instance=]. | ||||||
|
|
||||||
| 1. Return |instance|'s [=fenced frame config instance/partition nonce=] if |instance| is not | ||||||
| null, and return null otherwise. | ||||||
| </div> | ||||||
|
|
||||||
| <div algorithm="process a navigate fetch"> | ||||||
| Modify the step added to <a href=https://wicg.github.io/anonymous-iframe/#spec-navigation-partition-nonce> | ||||||
| process a navigate fetch</a> to read: | ||||||
|
|
||||||
| 13. Let <var ignore>partitionNonce</var> be the result of [=browsing context/computing the | ||||||
|
There was a problem hiding this comment. Just to triple check here — the partitionNonce returned from the "computing" algorithm can be null. Can all of the consumers of this (presumably in the iframe credentialless spec) consume null in this case? Just want to make sure we're not in a position where we're passing null around to things that only accept/expect a populated nonce. |
||||||
| effective partition nonce=] on <var ignore>browsingContext</var> given <var ignore> | ||||||
| credentialless</var> and <var ignore>sourceSnapshotParams</var>'s [=source snapshot params/ | ||||||
| target fenced frame config=]. | ||||||
| </div> | ||||||
|
|
||||||
| <div algorithm="initialize the document object"> | ||||||
| Modify the step added to <a href=https://wicg.github.io/anonymous-iframe/#spec-window-partition-nonce> | ||||||
| initialize the document object</a> to read: | ||||||
|
|
||||||
| 6.9. Let <var ignore>partitionNonce</var> be the result of [=browsing context/computing the | ||||||
| effective partition nonce=] on <var ignore>browsingContext</var> given |navigationParams|'s | ||||||
| [=navigation params/credentialless=] and null if |navigationParams|'s [=navigation params/ | ||||||
| fenced frame config instance=] is null else |navigationParams|'s [=navigation params/fenced | ||||||
| frame config instance=]'s [=fenced frame config instance/partition nonce=]. | ||||||
| </div> | ||||||
|
|
||||||
| <h3 id=webrtc-monkeypatch>WebRTC</h3> | ||||||
|
|
||||||
| The [[WEBRTC]] specification defines "ECMAScript APIs in WebIDL to allow media and generic | ||||||
|
|
||||||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is page credentialless nonce really scoped to each credentialless iframe? The definition you link to seems to be tied to a top-level browsing context, which spans many iframes.