Add "get unpartitioned cookie enabled state" algo #1

Closed
wants to merge 5 commits into from
28 changes: 17 additions & 11 deletions storage-access.bs
Expand Up @@ -147,22 +147,27 @@ partial interface Document {
};
</pre>

To <dfn>get unpartitioned cookies enabled state</dfn>, given a {{Document}} |doc|, run the following steps:
1. If |doc| is not [=Document/fully active=], return false.
1. Let |global| be |doc|'s [=relevant global object=].
1. If |global| is not a [=secure context=], return false.
1. If |doc|'s [=Document/origin=] is an [=opaque origin=], return false.
1. If |doc|'s [=Document/browsing context=] is a [=top-level browsing context=], return true.
1. If |doc|'s [=relevant settings object=]'s [=top-level origin=] is an [=opaque origin=], return false.
1. If |doc| is same authority with |doc|'s [=Document/browsing context=]'s [=top-level browsing context=]'s [=active document=], return true.

ISSUE: "same authority" here is a placeholder for a future concept that allows user agents to perform [=same site=] checks while adhering to additional security aspects such as the presence of a cross-site parent document, see [whatwg/storage#142](https://github.com/whatwg/storage/issues/142#issuecomment-1122147159). In practice, this might involve comparing the [=site for cookies=] or performing a [=same site=] check with the top-level document.

1. Return the value of |doc|'s {{Window}} object's {{Navigator}} object's {{NavigatorCookies/cookieEnabled}} property with |global|'s [=environment/has storage access=].

When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>hasStorageAccess()</code></dfn> method must run these steps:

<!-- https://developer.mozilla.org/en-US/docs/Web/API/Document/hasStorageAccess -->

1. Let |p| be [=a new promise=].
1. If |doc| is not [=Document/fully active=], then [=/reject=] |p| with an "{{InvalidStateError}}" {{DOMException}} and return |p|.
1. If |doc|'s [=Document/origin=] is an [=opaque origin=], [=/resolve=] |p| with false and return |p|.
1. Let |global| be |doc|'s [=relevant global object=].
1. If |global| is not a [=secure context=], then [=/resolve=] |p| with false and return |p|.
1. If |doc|'s [=Document/browsing context=] is a [=top-level browsing context=], [=/resolve=] |p| with true and return |p|.
1. If the [=top-level origin=] of |doc|'s [=relevant settings object=] is an [=opaque origin=], [=/resolve=] |p| with false and return |p|.
1. If |doc| is same authority with |doc|'s [=Document/browsing context=]'s [=top-level browsing context=]'s [=active document=], [=/resolve=] |p| with true and return |p|.

ISSUE: "same authority" here is a placeholder for a future concept that allows user agents to perform [=same site=] checks while adhering to additional security aspects such as the presence of a cross-site parent document, see [whatwg/storage#142](https://github.com/whatwg/storage/issues/142#issuecomment-1122147159). In practice, this might involve comparing the [=site for cookies=] or performing a [=same site=] check with the top-level document.

1. [=Queue a global task=] on the [=permissions task source=] given |global| to [=/resolve=] |p| with |global|'s [=environment/has storage access=].
1. Let |cookie enabled state| be the result of |get unpartitioned cookies enabled state|.
1. [=Queue a global task=] on the [=permissions task source=] given |global| to [=/resolve=] |p| with |cookie enabled state|.
1. Return |p|.

When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>requestStorageAccess()</code></dfn> method must run these steps:
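
Review bot: The hasStorageAccess() step "Let |cookie enabled state| be the result of |get unpartitioned cookies enabled state|" invokes the algorithm without the {{Document}} argument its definition requires, and writes it in |variable| syntax instead of linking to the <dfn>. Suggest "be the result of running [=get unpartitioned cookies enabled state=] given |doc|". Separately, the last step of the new algorithm returns the {{NavigatorCookies/cookieEnabled}} value "with" |global|'s [=environment/has storage access=] without saying how the two values combine. Because that result is what hasStorageAccess() resolves |p| with, the step should state explicitly whether both must be true before the algorithm returns true.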
Expand All @@ -185,7 +190,8 @@ When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>re
NOTE: This check is [=same site=] on purpose, to allow embedded sites to use `requestStorageAccess()` to opt into storage access without involvement from the end user in scenarios where storage access is restricted for security and not privacy purposes.

1. If |doc|'s [=active sandboxing flag set=] has its [=sandbox storage access by user activation flag=] set, [=/reject=] |p| with a "{{NotAllowedError}}" {{DOMException}} and return |p|.
1. If |global|'s [=environment/has storage access=] is true, [=/resolve=] |p| with {{undefined}} and return.
1. If |global|'s [=environment/has storage access=] is true, [=/resolve=] and return |p|.
1. If the result of |get unpartitioned cookie enabled state| is true, [=/resolve=] and return |p|.
1. Let |has transient activation| be whether |doc|'s {{Window}} object has [=transient activation=].
1. Run the following steps [=in parallel=]:
1. Let |process permission state| be an algorithm that, given a [=permission state=] |state|, runs the following steps:
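
Review bot: The two early-return steps that read "[=/resolve=] and return |p|" no longer name the promise being resolved or the value, whereas the neighbouring step for the same condition says "[=/resolve=] |p| with {{undefined}}". Suggest "[=/resolve=] |p| with {{undefined}} and return |p|" in both. The second of them also refers to |get unpartitioned cookie enabled state| (singular "cookie"), which does not match the name under which the algorithm is defined in the earlier hunk ("cookies"), and it is invoked without |doc| and in |variable| syntax rather than as a link to the definition.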