-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to block storage access pre-activation? #7
Comments
@kinu I wrote this based on your comment in #5 (comment), but would you be able to expand on this point? For example, it seems like you'd still have conflicts with two same-name, different-value cookies. As another point, I wonder what the difference is between localStorage and cookies in this regard? |
Thanks! Reg: the cookies cases: you're right that there still can be cases where conflicts happen. I was thinking about a bit more specific cases where the page has had no cookies, then partitioned == empty (== unpartitioned), and it feels there's less reason to let them fail. There have been also some prior thoughts for starting with empty cookies and merging back changes based on timestamps on prerendering, i.e. https://www.chromium.org/developers/design-documents/cookies-and-prerender (option b and c) It's a good point that document.cookies and localStorage have the very similar properties (they also have sync APIs). I'll think a bit more about this, but maybe they don't need to be distinguished. |
The idea of having localStorage throw but indexedDB hang is kind of weird and asymmetrical, so I suspect they should behave the same for consistency's sake. But maybe that's less of a big deal in practice. |
We've had some more discussion of this issue in an external document, which analyzed it holistically with other pre-activation restrictions. We feel like we have solid strategies for asynchronous storage APIs, BroadcastChannel, SharedWorker, and web locks. What remains are:
|
Let me check my understanding. Based on the explanation in the external document, it's ok to grant both the sync and async storage APIs in prerendered pages as long as it is same-origin prerendering, right? The current Chromium implementation and wpt_internal tests obey this assumption. If it's correct, I'll start upstreaming the tests. |
Yes, that understanding is correct. No restrictions on same-origin prerendering. |
… pages (2) This CL upstreams tests for storage APIs (Storage Foundation, Web Database) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: If34e4f325341a95f036beff43af19dde3504a8ac
… pages (1) This CL upstreams tests for storage APIs (Cache Storage, IndexedDB, Local Storage) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Tests for remaining storage APIs (e.g., Storage Foundation) will be upstreamed by subsequent CLs. Bug: 1253158 Change-Id: I25482404b7bbee2566297bd917dfe824502052cf
… pages (1) This CL upstreams tests for storage APIs (Cache Storage, IndexedDB, Local Storage) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Tests for remaining storage APIs (e.g., Storage Foundation) will be upstreamed by subsequent CLs. Bug: 1253158 Change-Id: I25482404b7bbee2566297bd917dfe824502052cf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226443 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932415}
… pages (2) This CL upstreams tests for storage APIs (Storage Foundation, Web Database) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: If34e4f325341a95f036beff43af19dde3504a8ac Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226531 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932416}
… pages (1) This CL upstreams tests for storage APIs (Cache Storage, IndexedDB, Local Storage) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Tests for remaining storage APIs (e.g., Storage Foundation) will be upstreamed by subsequent CLs. Bug: 1253158 Change-Id: I25482404b7bbee2566297bd917dfe824502052cf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226443 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932415}
… pages (2) This CL upstreams tests for storage APIs (Storage Foundation, Web Database) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: If34e4f325341a95f036beff43af19dde3504a8ac Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226531 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932416}
… pages (1) This CL upstreams tests for storage APIs (Cache Storage, IndexedDB, Local Storage) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Tests for remaining storage APIs (e.g., Storage Foundation) will be upstreamed by subsequent CLs. Bug: 1253158 Change-Id: I25482404b7bbee2566297bd917dfe824502052cf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226443 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932415}
… pages (2) This CL upstreams tests for storage APIs (Storage Foundation, Web Database) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: If34e4f325341a95f036beff43af19dde3504a8ac Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226531 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932416}
This CL upstreams a test for cookies in same-origin prerendered pages to the WPT. The behavior of cookies is not defined in the spec yet, but we already reached a consensus that the storage APIs including cookies in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: I512a8e6b6f8a20f5464045900d67f8b2ef752266
This CL upstreams a test for cookies in same-origin prerendered pages to the WPT. The behavior of cookies is not defined in the spec yet, but we already reached a consensus that the storage APIs including cookies in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: I512a8e6b6f8a20f5464045900d67f8b2ef752266 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3232796 Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#933299}
This CL upstreams a test for cookies in same-origin prerendered pages to the WPT. The behavior of cookies is not defined in the spec yet, but we already reached a consensus that the storage APIs including cookies in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: I512a8e6b6f8a20f5464045900d67f8b2ef752266 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3232796 Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#933299}
This CL upstreams a test for cookies in same-origin prerendered pages to the WPT. The behavior of cookies is not defined in the spec yet, but we already reached a consensus that the storage APIs including cookies in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: I512a8e6b6f8a20f5464045900d67f8b2ef752266 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3232796 Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#933299}
…Is in same-origin prerendered pages (1), a=testonly Automatic update from web-platform-tests Prerender: Upstream tests for storage APIs in same-origin prerendered pages (1) This CL upstreams tests for storage APIs (Cache Storage, IndexedDB, Local Storage) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Tests for remaining storage APIs (e.g., Storage Foundation) will be upstreamed by subsequent CLs. Bug: 1253158 Change-Id: I25482404b7bbee2566297bd917dfe824502052cf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226443 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932415} -- wpt-commits: 8ea9b89d6e238b0edaa671e0e4ea2675605bc468 wpt-pr: 31284
…Is in same-origin prerendered pages (2), a=testonly Automatic update from web-platform-tests Prerender: Upstream tests for storage APIs in same-origin prerendered pages (2) This CL upstreams tests for storage APIs (Storage Foundation, Web Database) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: If34e4f325341a95f036beff43af19dde3504a8ac Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226531 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932416} -- wpt-commits: a30e4f76abdbc48b2d922b5ab61707edaefcbb26 wpt-pr: 31283
…n same-origin prerendered pages, a=testonly Automatic update from web-platform-tests Prerender: Upstream a test for cookies in same-origin prerendered pages This CL upstreams a test for cookies in same-origin prerendered pages to the WPT. The behavior of cookies is not defined in the spec yet, but we already reached a consensus that the storage APIs including cookies in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: I512a8e6b6f8a20f5464045900d67f8b2ef752266 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3232796 Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#933299} -- wpt-commits: aea6e4f23f1cb516d5638f2444baf91be4397b17 wpt-pr: 31323
…Is in same-origin prerendered pages (1), a=testonly Automatic update from web-platform-tests Prerender: Upstream tests for storage APIs in same-origin prerendered pages (1) This CL upstreams tests for storage APIs (Cache Storage, IndexedDB, Local Storage) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Tests for remaining storage APIs (e.g., Storage Foundation) will be upstreamed by subsequent CLs. Bug: 1253158 Change-Id: I25482404b7bbee2566297bd917dfe824502052cf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226443 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932415} -- wpt-commits: 8ea9b89d6e238b0edaa671e0e4ea2675605bc468 wpt-pr: 31284
…Is in same-origin prerendered pages (2), a=testonly Automatic update from web-platform-tests Prerender: Upstream tests for storage APIs in same-origin prerendered pages (2) This CL upstreams tests for storage APIs (Storage Foundation, Web Database) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: If34e4f325341a95f036beff43af19dde3504a8ac Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226531 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932416} -- wpt-commits: a30e4f76abdbc48b2d922b5ab61707edaefcbb26 wpt-pr: 31283
…n same-origin prerendered pages, a=testonly Automatic update from web-platform-tests Prerender: Upstream a test for cookies in same-origin prerendered pages This CL upstreams a test for cookies in same-origin prerendered pages to the WPT. The behavior of cookies is not defined in the spec yet, but we already reached a consensus that the storage APIs including cookies in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: I512a8e6b6f8a20f5464045900d67f8b2ef752266 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3232796 Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#933299} -- wpt-commits: aea6e4f23f1cb516d5638f2444baf91be4397b17 wpt-pr: 31323
… pages (1) This CL upstreams tests for storage APIs (Cache Storage, IndexedDB, Local Storage) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Tests for remaining storage APIs (e.g., Storage Foundation) will be upstreamed by subsequent CLs. Bug: 1253158 Change-Id: I25482404b7bbee2566297bd917dfe824502052cf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226443 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932415}
… pages (2) This CL upstreams tests for storage APIs (Storage Foundation, Web Database) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: If34e4f325341a95f036beff43af19dde3504a8ac Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226531 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932416}
This CL upstreams a test for cookies in same-origin prerendered pages to the WPT. The behavior of cookies is not defined in the spec yet, but we already reached a consensus that the storage APIs including cookies in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: I512a8e6b6f8a20f5464045900d67f8b2ef752266 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3232796 Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#933299}
… pages (1) This CL upstreams tests for storage APIs (Cache Storage, IndexedDB, Local Storage) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Tests for remaining storage APIs (e.g., Storage Foundation) will be upstreamed by subsequent CLs. Bug: 1253158 Change-Id: I25482404b7bbee2566297bd917dfe824502052cf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226443 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932415} NOKEYCHECK=True GitOrigin-RevId: 53813a590cb66f63287f937130a4b276b6779282
… pages (2) This CL upstreams tests for storage APIs (Storage Foundation, Web Database) in same-origin prerendered pages to the WPT. The behavior of these APIs is not defined in the spec yet, but we already reached a consensus that the storage APIs in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: If34e4f325341a95f036beff43af19dde3504a8ac Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3226531 Reviewed-by: Kouhei Ueno <[email protected]> Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#932416} NOKEYCHECK=True GitOrigin-RevId: 32037f69cbdd8089f908c483d1f1db24abd3545d
This CL upstreams a test for cookies in same-origin prerendered pages to the WPT. The behavior of cookies is not defined in the spec yet, but we already reached a consensus that the storage APIs including cookies in same-origin prerendered pages are just allowed. See the GitHub issue for details: WICG/nav-speculation#7 (comment) Bug: 1253158 Change-Id: I512a8e6b6f8a20f5464045900d67f8b2ef752266 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3232796 Reviewed-by: Lingqi Chi <[email protected]> Commit-Queue: Hiroki Nakagawa <[email protected]> Cr-Commit-Position: refs/heads/main@{#933299} NOKEYCHECK=True GitOrigin-RevId: 35c2fb20b3c4d292d60953972da269e29b7a62bf
For the reasons discussed in https://github.com/jeremyroman/alternate-loading-modes/blob/gh-pages/browsing-context.md, we need to block access to storage pre activation. There are at least two potential strategies for this:
Block all storage access, as if the user were on an opaque origin. Bucket hooks whatwg/storage#18 (comment) discusses some of the spec mechanisms we'd use.
Delay storage access, where possible. That is, synchronous storage access like
localStorage
anddocument.cookie
would still need to be blocked. However, any asynchronous calls, likeindexedDB.open()
, could just have their promise or callback refuse to settle until activation.A variant of (2), where we don't just delay that particular call, but we freeze the entire document upon any such call. This could make it less likely for other tasks on the event loop to get confused by the hanging promise.
Additionally, all of these have a variant where we treat cookies differently from other types of storage. For cookies, we could give access to a partitioned cookie store pre-activation, and then merge it with the unpartitioned cookie store post-activation. This is possible for cookies, and not for other types of storage, because cookies have a very simple data model for which it's possible to write a reasonable merge algorithm.
The text was updated successfully, but these errors were encountered: