Hi Yao,
I see that https://github.com/WICG/shared-storage/pull/152 is
still open, can that be landed before we ship this?
The PR landed just now.
Also, can you point to the tests for this change?
Yes.
cross-origin-worklet-select-url-and-verify-data-origin.tentative.https.sub.html
<https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/shared-storage/cross-origin-worklet-select-url-and-verify-data-origin.tentative.https.sub.html> is
a representative one. You can find other relevant tests in the same
repository, by searching for "cross-origin".
Best,
Yao
On Wed, Apr 24, 2024 at 4:02 PM Chris Harrelson
<chris...@chromium.org> wrote:
Thanks for the further explanation! It was very helpful.
LGTM1, but please make sure to land that open PR before shipping.
On Wed, Apr 24, 2024 at 10:48 AM Josh Karlin
<jkar...@chromium.org> wrote:
Hey folks, I wanted to provide a bit more context on this
change to help clarify the intention and any associated risks.
Today, when a third-party script runs on a page and wants to
write data to shared storage, or use their shared storage data
(e.g., create an aggregate report) under its own name, the
script first needs to create a x-origin iframe and pass the
data to that frame. This is because the origin used by shared
storage is that of the context. This is cumbersome to the
developer. They have to create an iframe document to listen
for data (e.g., via name attribute, url query param, or
postMessage) and act on that data (by writing to shared
storage or starting a worklet). It's also terrible for
resource usage and performance (the browser needs to navigate,
load a document, and execute js).
The primary focus of this change is to allow a third-party on
a page to invoke its own worklet (with access to its own
storage) directly, bypassing the need to create a x-origin
iframe. This is accomplished by allowing x-origin urls to be
specified in a new API, `window.sharedStorage.createWorklet
<https://github.com/WICG/shared-storage?tab=readme-ov-file#proposed-api-surface>`.
We are not changing the behavior of addModule, and we are not
changing the capabilities of worklets. We're just making it
easier to create x-origin worklets. In `createWorklet
<https://github.com/WICG/shared-storage?tab=readme-ov-file#proposed-api-surface>`,
if a x-origin URL is specified, the response will require both
`Shared-Storage-Cross-Origin-Worklet-Allowed: ?1` and CORS
(Access-Control-Allow-Origin). That is, embedding a x-origin
worklet is strictly opt-in. This is because a shared storage
worklet has side-effects (e.g., sending reports, or selecting
a url) which also consumes budget, and the worklet's origin
may want to control who gets to use it. They should also
(always a challenge on the web) take care to ensure that the
data that they're receiving from the embedder is valid.
Another useful aspect of introducing `createWorklet`, is that
it allows a document to host multiple shared storage worklets
and call methods on them individually. This makes it easier
for pages that might have multiple teams creating them, that
don't necessarily want to coordinate their shared storage
worklet scripts.
Best,
Josh
On Wed, Apr 24, 2024 at 1:19 PM Josh Karlin
<jkar...@chromium.org> wrote:
On Wed, Apr 24, 2024 at 11:52 AM Alex Russell
<slightly...@chromium.org> wrote:
Hey Josh,
I agree that it might not be helpful to ping Gecko and
WebKit on this, but it would still be helpful to
update the TAG on how this design is evolving.
Ack. I've updated the TAG thread
<https://github.com/w3ctag/design-reviews/issues/747#issuecomment-2075450880>.
From that perspective, I would expect the TAG to
request that we improve consistency by making
cross-origin workers (not just worklets) possible.
Where are we at on that?
Regards,
Alex
On Friday, April 19, 2024 at 12:58:17 PM UTC-7 Josh
Karlin wrote:
On Fri, Apr 19, 2024 at 1:59 PM Vladimir Levin
<vmp...@chromium.org> wrote:
On Fri, Apr 19, 2024 at 12:52 PM Yao Xiao
<yao...@chromium.org> wrote:
*Contact emails*
cam...@chromium.org
jkar...@chromium.org
yao...@chromium.org
rohitgu...@google.com
ashame...@google.com
*Explainer*
https://github.com/WICG/shared-storage
*Specification*
https://wicg.github.io/shared-storage/
*Additional anticipated specification changes*
https://github.com/WICG/shared-storage/pull/152
*Blink component*
Blink>Storage>SharedStorage
<https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3EStorage%3ESharedStorage&can=2>
*Summary:*
We plan to ship the following changes to
the Shared Storage API:
* selectURL() and run() will be exposed
on the SharedStorageWorklet interface.
When calling on the default scoped
worklet (i.e.
sharedStorage.worklet.selectURL()/run()),
the behavior is equivalent to calling
sharedStorage.selectURL()/run().
* Users can create new worklets via
const worklet = await
sharedStorage.createWorklet(url,
options). This API can be used to
start multiple and potentially
cross-origin worklets from a single
document.
*Risks
*
*Interoperability and Compatibility*
The changes are fully backward compatible.
Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals:
Is it possible to file position requests?
(https://bit.ly/blink-signals)
Was there a TAG review filed for this as well?
Sorry, we should have specified that TAG, Gecko.
and Webkit are negative on shared storage as a
whole. So we did not ask for their opinion on this
particular change.
*WebView application risks*
/Does this intent deprecate or change
behavior of existing APIs, such that it
has potentially high risk for Android
WebView-based applications?
/None
*Security*
Because the worklet's context origin will
be that of the origin of the script URL,
both
"Shared-Storage-Cross-Origin-Worklet-Allowed:
?1" and CORS are required when fetching a
x-origin worklet script. Even so, it is
important that worklet script creators
understand the implications of this. Their
worklet, which accesses their origin's
Shared Storage data, can be loaded and
executed by a different party.
*Privacy*
In the case of creating or using a
cross-origin worklet, if the worklet
cannot be created because the user has
denied storage for that site, then the
promise will resolve (rather than reject)
to prevent leaking cross-site data. A
caller may still use timing attacks to
know this information, but this is a minor
privacy issue, as in reality very few
users would set such preferences, and
doing a wide search would incur a
significant performance cost spinning up
the worklets.
*Debuggability*
* Shared Storage database contents for
an origin can be viewed and modified
within DevTools.
* Shared Storage worklet can be
inspected within DevTools.
*Will this feature be supported on all six
Blink platforms (Windows, Mac, Linux,
Chrome OS, Android, and Android WebView)?*
All but WebView
Out of curiosity, why is WebView not supported
for this?
*Is this feature fully tested by
web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?*
Yes
*Finch feature name*
SharedStorageAPIM125
*Requires code in //chrome?*
No
*Estimated milestones*
We intend to ship in M125.
*Link to entry on the Chrome Platform Status*
https://chromestatus.com/feature/5145686840705024
--
You received this message because you are
subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop
receiving emails from it, send an email to
blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/41ee180b-5822-40fe-ac15-1bb1c9715e05n%40chromium.org
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/41ee180b-5822-40fe-ac15-1bb1c9715e05n%40chromium.org?utm_medium=email&utm_source=footer>.
--
You received this message because you are
subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop
receiving emails from it, send an email to
blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2O7c2%2B%2B12PtuAS%2BSfHx0%2B8X6SuA7mr6saW%3DRVhewXkUHw%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2O7c2%2B%2B12PtuAS%2BSfHx0%2B8X6SuA7mr6saW%3DRVhewXkUHw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed
to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving
emails from it, send an email to
blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/af749e5f-d3fb-4901-9427-f49efe95410cn%40chromium.org
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/af749e5f-d3fb-4901-9427-f49efe95410cn%40chromium.org?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the
Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAANMuaPuu4frRrmLq01eAsTAb2fMnQ_rZ3OJoz9dWd%3DVfQQBhA%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAANMuaPuu4frRrmLq01eAsTAb2fMnQ_rZ3OJoz9dWd%3DVfQQBhA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALYudgV0qYjc9goCzdeSBjQpy0rLTZ2rem_KCWGNBs7MzMH5pQ%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALYudgV0qYjc9goCzdeSBjQpy0rLTZ2rem_KCWGNBs7MzMH5pQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.