Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define storage access to be per-page. Handle when the user doesn't explicitly allow or deny. Fixes #3. Fixes #26. #27

Merged
merged 12 commits into from
Apr 24, 2020
Merged

Define storage access to be per-page. Handle when the user doesn't explicitly allow or deny. Fixes #3. Fixes #26. #27

merged 12 commits into from
Apr 24, 2020

Conversation

hober
Copy link
Member

@hober hober commented Apr 16, 2020

No description provided.

This was linked to issues Apr 16, 2020
Per-Frame or Per-Page Storage Access #3
Closed
Define 'expression of permission' when user response is undefined #26
Closed
This was referenced Apr 16, 2020
Closed
Closed
@hober hober requested a review from johnwilander April 16, 2020 23:15
@Brandr0id
Copy link
Member

The change regarding #26 LGTM.

@hober hober self-assigned this Apr 18, 2020
annevk
annevk reviewed Apr 22, 2020
View reviewed changes
storage-access.bs Outdated Show resolved Hide resolved
@annevk
Copy link
Collaborator

annevk commented Apr 22, 2020

Thinking about this some more, I think what's missing here is some caching of this state on agent clusters or some such.

In particular, imagine the user opens https://site-a.example/ twice in different browsing context groups (i.e., no opener relation), called 1 and 2. And site-a embeds https://site-b.example/.

So site-b in 1 requests storage access and gets it. If site-b in 2 does hasStorageAccess() at this point it should not have changed, I think. If the user reloads 2, it should have changed.

@hober
Copy link
Member Author

hober commented Apr 23, 2020

Thinking about this some more, I think what's missing here is some caching of this state on agent clusters or some such.

In particular, imagine the user opens https://site-a.example/ twice in different browsing context groups (i.e., no opener relation), called 1 and 2. And site-a embeds https://site-b.example/.

So site-b in 1 requests storage access and gets it. If site-b in 2 does hasStorageAccess() at this point it should not have changed, I think. If the user reloads 2, it should have changed.

I think you're right. I'd like to address this in a followup patch, if that's okay.

@annevk
Copy link
Collaborator

annevk commented Apr 24, 2020

Sure.

hober referenced this pull request Apr 24, 2020
@hober
Merge pull request #24 from privacycg/hober-initial-spec
e9948ab 
Initial attempt at a spec.
@hober hober mentioned this pull request Apr 24, 2020
Closed
@hober hober merged commit 3c8e16e into gh-pages Apr 24, 2020
@hober hober deleted the hober-initial-spec branch April 24, 2020 19:02
johnwilander
johnwilander approved these changes Apr 24, 2020
View reviewed changes
Copy link
Collaborator

@johnwilander johnwilander left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. None of my comments are blocking.

storage-access.bs Show resolved Hide resolved
storage-access.bs Show resolved Hide resolved
storage-access.bs Show resolved Hide resolved
storage-access.bs Show resolved Hide resolved
storage-access.bs Show resolved Hide resolved
storage-access.bs Show resolved Hide resolved
storage-access.bs Show resolved Hide resolved
storage-access.bs Show resolved Hide resolved
This was referenced Apr 28, 2020
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@annevk annevk annevk left review comments

@johnwilander johnwilander johnwilander approved these changes

Assignees

@hober hober

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Define 'expression of permission' when user response is undefined Per-Frame or Per-Page Storage Access
4 participants
@hober @Brandr0id @annevk @johnwilander