From e18913aa572e0c0d858a4c7bf62c84b5440e3ee1 Mon Sep 17 00:00:00 2001 From: Shuran Huang Date: Tue, 6 Jun 2023 20:13:55 +0000 Subject: [PATCH 1/5] Add "get unpartitioned cookie enabled state" algo --- storage-access.bs | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/storage-access.bs b/storage-access.bs index cbd4578..f401537 100644 --- a/storage-access.bs +++ b/storage-access.bs @@ -147,6 +147,12 @@ partial interface Document { }; +Let |get unpartitioned cookie enabled state| be an algorithm that, given {{Document}} |doc| and [=cookie store=], runs the following steps: +1. Let |global| be |doc|'s [=relevant global object=]. +1. Let |cookie enabled state| be the result of [=queuing a global task=] on the [=cookie store=] with |global|'s [=environment/has storage access=]. +1. Return |cookie enabled state| + + When invoked on {{Document}} |doc|, the hasStorageAccess() method must run these steps: @@ -162,7 +168,7 @@ When invoked on {{Document}} |doc|, the ha ISSUE: "same authority" here is a placeholder for a future concept that allows user agents to perform [=same site=] checks while adhering to additional security aspects such as the presence of a cross-site parent document, see [whatwg/storage#142](https://github.com/whatwg/storage/issues/142#issuecomment-1122147159). In practice, this might involve comparing the [=site for cookies=] or performing a [=same site=] check with the top-level document. -1. [=Queue a global task=] on the [=permissions task source=] given |global| to [=/resolve=] |p| with |global|'s [=environment/has storage access=]. +1. If the result of |get unpartitioned cookie enabled state| is true, [=/resolve=] |p| with true and return |p|. 1. Return |p|. When invoked on {{Document}} |doc|, the requestStorageAccess() method must run these steps: 
@@ -185,9 +191,10 @@ When invoked on {{Document}} |doc|, the re NOTE: This check is [=same site=] on purpose, to allow embedded sites to use `requestStorageAccess()` to opt into storage access without involvement from the end user in scenarios where storage access is restricted for security and not privacy purposes. 1. If |doc|'s [=active sandboxing flag set=] has its [=sandbox storage access by user activation flag=] set, [=/reject=] |p| with a "{{NotAllowedError}}" {{DOMException}} and return |p|. -1. If |global|'s [=environment/has storage access=] is true, [=/resolve=] |p| with {{undefined}} and return. +1. If |global|'s [=environment/has storage access=] is true, [=/resolve=] and return |p|. 1. Let |has transient activation| be whether |doc|'s {{Window}} object has [=transient activation=]. 1. Run the following steps [=in parallel=]: + 1. If the result of |get unpartitioned cookie enabled state| is true, [=/resolve=] and return |p|. 1. Let |process permission state| be an algorithm that, given a [=permission state=] |state|, runs the following steps: 1. [=Queue a global task=] on the [=permission task source=] given |global| to: 1. If |state| is [=permission/granted=]: From eebc47d56ac3581b0efe0c70578fa9f139fe899b Mon Sep 17 00:00:00 2001 From: Shuran Huang <89418275+shuranhuang@users.noreply.github.com> Date: Wed, 7 Jun 2023 15:20:01 -0400 Subject: [PATCH 2/5] Update storage-access.bs based on suggestion Co-authored-by: Johann Hofmann --- storage-access.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage-access.bs b/storage-access.bs index f401537..cad5203 100644 --- a/storage-access.bs +++ b/storage-access.bs 
@@ -147,7 +147,7 @@ partial interface Document { }; -Let |get unpartitioned cookie enabled state| be an algorithm that, given {{Document}} |doc| and [=cookie store=], runs the following steps: +To get unpartitioned cookies enabled state, given a {{Document}} |doc|, run the following steps: 1. Let |global| be |doc|'s [=relevant global object=]. 1. Let |cookie enabled state| be the result of [=queuing a global task=] on the [=cookie store=] with |global|'s [=environment/has storage access=]. 1. Return |cookie enabled state| From b4e4ab85d45808dd761dc1950071379bd57f4ba3 Mon Sep 17 00:00:00 2001 From: Shuran Huang Date: Mon, 12 Jun 2023 21:10:07 +0000 Subject: [PATCH 3/5] Add more steps into "get unpartitioned cookies enabled state" --- storage-access.bs | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/storage-access.bs b/storage-access.bs index cad5203..9a0a686 100644 --- a/storage-access.bs +++ b/storage-access.bs 
@@ -148,10 +148,17 @@ partial interface Document { To get unpartitioned cookies enabled state, given a {{Document}} |doc|, run the following steps: +1. If |doc| is not [=Document/fully active=], return false. 1. Let |global| be |doc|'s [=relevant global object=]. -1. Let |cookie enabled state| be the result of [=queuing a global task=] on the [=cookie store=] with |global|'s [=environment/has storage access=]. -1. Return |cookie enabled state| +1. If |global| is not a [=secure context=], return false. +1. If |doc|'s [=Document/origin=] is an [=opaque origin=], return false. +1. If |doc|'s [=Document/browsing context=] is a [=top-level browsing context=], return true. +1. If |doc|'s [=relevant settings object=]'s [=top-level origin=] is an [=opaque origin=], return false. +1. If |doc| is same authority with |doc|'s [=Document/browsing context=]'s [=top-level browsing context=]'s [=active document=], return true. + ISSUE: "same authority" here is a placeholder for a future concept that allows user agents to perform [=same site=] checks while adhering to additional security aspects such as the presence of a cross-site parent document, see [whatwg/storage#142](https://github.com/whatwg/storage/issues/142#issuecomment-1122147159). In practice, this might involve comparing the [=site for cookies=] or performing a [=same site=] check with the top-level document. + +1. Return the value of |doc|'s {{Window}} object's {{Navigator}} object's {{NavigatorCookies/cookieEnabled}} property with |global|'s [=environment/has storage access=]. When invoked on {{Document}} |doc|, the hasStorageAccess() method must run these steps: 
@@ -159,16 +166,8 @@ When invoked on {{Document}} |doc|, the ha 1. Let |p| be [=a new promise=]. 1. If |doc| is not [=Document/fully active=], then [=/reject=] |p| with an "{{InvalidStateError}}" {{DOMException}} and return |p|. -1. If |doc|'s [=Document/origin=] is an [=opaque origin=], [=/resolve=] |p| with false and return |p|. -1. Let |global| be |doc|'s [=relevant global object=]. -1. If |global| is not a [=secure context=], then [=/resolve=] |p| with false and return |p|. -1. If |doc|'s [=Document/browsing context=] is a [=top-level browsing context=], [=/resolve=] |p| with true and return |p|. -1. If the [=top-level origin=] of |doc|'s [=relevant settings object=] is an [=opaque origin=], [=/resolve=] |p| with false and return |p|. -1. If |doc| is same authority with |doc|'s [=Document/browsing context=]'s [=top-level browsing context=]'s [=active document=], [=/resolve=] |p| with true and return |p|. - - ISSUE: "same authority" here is a placeholder for a future concept that allows user agents to perform [=same site=] checks while adhering to additional security aspects such as the presence of a cross-site parent document, see [whatwg/storage#142](https://github.com/whatwg/storage/issues/142#issuecomment-1122147159). In practice, this might involve comparing the [=site for cookies=] or performing a [=same site=] check with the top-level document. - -1. If the result of |get unpartitioned cookie enabled state| is true, [=/resolve=] |p| with true and return |p|. +1. Let |cookie enabled state| be the result of |get unpartitioned cookies enabled state|. +1. [=Queue a global task=] on the [=permissions task source=] given |global| to [=/resolve=] |p| with |cookie enabled state|. 1. Return |p|. When invoked on {{Document}} |doc|, the requestStorageAccess() method must run these steps: From 8c0460556bfc0ea9624a40b0612bd1a5561a23b3 Mon Sep 17 00:00:00 2001 
From: Shuran Huang Date: Mon, 12 Jun 2023 21:10:07 +0000 Subject: [PATCH 4/5] Add more steps into "get unpartitioned cookies enabled state" --- storage-access.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage-access.bs b/storage-access.bs index 9a0a686..4a28a24 100644 --- a/storage-access.bs +++ b/storage-access.bs @@ -191,9 +191,9 @@ When invoked on {{Document}} |doc|, the re 1. If |doc|'s [=active sandboxing flag set=] has its [=sandbox storage access by user activation flag=] set, [=/reject=] |p| with a "{{NotAllowedError}}" {{DOMException}} and return |p|. 1. If |global|'s [=environment/has storage access=] is true, [=/resolve=] and return |p|. +1. If the result of |get unpartitioned cookie enabled state| is true,, [=/resolve=] and return |p|. 1. Let |has transient activation| be whether |doc|'s {{Window}} object has [=transient activation=]. 1. Run the following steps [=in parallel=]: - 1. If the result of |get unpartitioned cookie enabled state| is true, [=/resolve=] and return |p|. 1. Let |process permission state| be an algorithm that, given a [=permission state=] |state|, runs the following steps: 1. [=Queue a global task=] on the [=permission task source=] given |global| to: 1. If |state| is [=permission/granted=]: From 87cd22d84fac757feb0a6d8b5699a892634c30ac Mon Sep 17 00:00:00 2001 From: Shuran Huang Date: Mon, 12 Jun 2023 21:10:07 +0000 Subject: [PATCH 5/5] Add more steps into "get unpartitioned cookies enabled state" --- storage-access.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage-access.bs b/storage-access.bs index 4a28a24..0e87682 100644 --- a/storage-access.bs +++ b/storage-access.bs 
@@ -191,7 +191,7 @@ When invoked on {{Document}} |doc|, the re 1. If |doc|'s [=active sandboxing flag set=] has its [=sandbox storage access by user activation flag=] set, [=/reject=] |p| with a "{{NotAllowedError}}" {{DOMException}} and return |p|. 1. If |global|'s [=environment/has storage access=] is true, [=/resolve=] and return |p|. -1. If the result of |get unpartitioned cookie enabled state| is true,, [=/resolve=] and return |p|. +1. If the result of |get unpartitioned cookie enabled state| is true, [=/resolve=] and return |p|. 1. Let |has transient activation| be whether |doc|'s {{Window}} object has [=transient activation=]. 1. Run the following steps [=in parallel=]: 1. Let |process permission state| be an algorithm that, given a [=permission state=] |state|, runs the following steps:
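Review bot: In PATCH 1/5, hunk @@ -147,6 +147,12, step 2 of the new algorithm assigns "the result of [=queuing a global task=]" to |cookie enabled state|, but queuing a task does not hand back a value, and the step names the [=cookie store=] where a task source is expected. Have the algorithm read the state synchronously (for example |global|'s [=environment/has storage access=]) and leave task queuing to the caller that settles the promise. The last step, "Return |cookie enabled state|", is also missing its full stop.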
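Review bot: In PATCH 1/5, hunk @@ -162,7 +168,7, hasStorageAccess() now resolves |p| only when the algorithm returns true, so on a false result the following "Return |p|" hands back a promise that never settles. The removed line resolved |p| with the boolean inside a queued global task; keep that shape and resolve |p| with the algorithm's result in both cases. The call also passes neither the |doc| nor the [=cookie store=] that the definition added earlier in this patch takes.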
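Review bot: In PATCH 1/5, hunk @@ -185,9 +191,10, the step added under "Run the following steps [=in parallel=]" resolves the promise directly and says "return |p|" from inside the parallel steps, while the neighbouring steps settle |p| only through "[=Queue a global task=] on the [=permission task source=] given |global|". Either perform this check before going in parallel, or wrap the resolution in a queued global task and drop the "return |p|".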
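Review bot: In PATCH 2/5, the reworded definition renames the algorithm to "get unpartitioned cookies enabled state" and drops the [=cookie store=] parameter, but step 2 in the unchanged context still queues a task "on the [=cookie store=]", and the call sites added in PATCH 1/5 still say |get unpartitioned cookie enabled state| (singular). Update step 2 and the callers in the same commit so the name and the parameter list match the definition.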
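Review bot: In PATCH 3/5, hunk @@ -148,10 +148,17, the final step returns {{NavigatorCookies/cookieEnabled}} "with |global|'s [=environment/has storage access=]" without saying how the two values combine into one boolean; state the operation explicitly, for example as a logical AND if that is the intent. Separately, the top-level and same authority steps return true before cookieEnabled is consulted, so a document in those positions is reported as having cookies enabled regardless of the user agent's cookie setting. If that is deliberate, a NOTE explaining why would help readers of an algorithm with this name.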
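Review bot: In PATCH 3/5, hunk @@ -159,16 +166,8, the line "Let |global| be |doc|'s [=relevant global object=]" is removed from hasStorageAccess(), yet the new step still queues the task "given |global|", which is now undefined in this method. Keep the |global| declaration before the queued task. The new "Let |cookie enabled state| be the result of |get unpartitioned cookies enabled state|" also omits the |doc| argument that the definition requires; write it as running the algorithm given |doc|.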
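Review bot: In PATCH 4/5, the step moved out of the in-parallel block still refers to |get unpartitioned cookie enabled state|, whereas the definition since PATCH 2/5 is "get unpartitioned cookies enabled state, given a {{Document}} |doc|", so the reference does not match the defined name and passes no argument. Suggest "If the result of running get unpartitioned cookies enabled state given |doc| is true, ...". The subject line is identical to PATCH 3/5 although this commit only moves one step; a subject describing the move would make the history easier to follow.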
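Review bot: In PATCH 5/5, the comma fix leaves "[=/resolve=] and return |p|" on the changed line and on the context line above it with no promise and no value named for the resolve. The line removed in PATCH 1/5 read "[=/resolve=] |p| with {{undefined}}"; restore that wording on both steps so the resolution value of requestStorageAccess() is specified. Since this commit only corrects a typo introduced by PATCH 4/5, consider squashing the two.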