Good to know about this new capability. In that case, yes we would prefer to only allow DT renewal for sites with existing registrations.
On Wed, Oct 9, 2024 at 4:37 AM Mike Taylor <miketa...@chromium.org> wrote: > On 10/8/24 8:15 AM, Camille Lamy wrote: > > Contact emails > > v...@chromium.org cl...@chromium.org > > Explainer > > > https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k > > Specification > > https://tc39.github.io/ecma262/#sec-sharedarraybuffer-objects > > Design docs Including the new security requirements > > > https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer > > Discussion how and what to gate > > https://github.com/whatwg/html/issues/4732 > > Summary > > ‘SharedArrayBuffers’ (SABs) on desktop platforms are restricted to > cross-origin isolated environments, matching the behavior we've recently > shipped on Android and Firefox. We've performed that change in Chrome 92. A > reverse OT was started to give developers the option to use SABs in case > they are not able to adopt cross origin isolation yet. > > We’ve worked with multiple internal and external users of the OT to > understand their use cases and why they can’t adopt yet. With > COEP:credentialless and iframes credentialless now available, the SAB non > COI usage went further down. > > Unfortunately, the cascading requirements of COEP are still a blocker for > COI adoption. Some of the users of the OT rely heavily on credentialled > cross-origin subresources, so credentialless modes are not an option for > them. And their apps are complex enough that they are still blocked on > child iframes supporting COEP. > > To address this, we’ve explored ways of enabling COI that would take > advantage of process isolation in order to waive requirements on child > frames to enforce COEP. > > We’ll be sending out the I2E for Document-Isolation-Policy in the coming > weeks and are aiming to OT it starting with M132. Giving developers 3 > milestones to verify and provide feedback, we’re aiming for a release in > M135. > > As we know the cascading is the final blocker for COI adoption and > therefore SAB usage on Desktop, we’re asking to extend the OT to M136. > > Blink component > > Blink>JavaScript > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EJavaScript> > > Search tags > > SharedArrayBuffer > <https://chromestatus.com/features#tags:SharedArrayBuffer>, SAB > <https://chromestatus.com/features#tags:SAB> > > TAG review https://github.com/w3ctag/design-reviews/issues/471 > TAG review status Closed > Risks Interoperability and Compatibility > > We expect this change to negatively impact developers using > `SharedArrayBuffer` today. Chrome was the only platform where SABs have > been available without COOP/COEP. Therefore we need to give developers the > right capabilities and a clear path forward to ensure they have enough time > to adopt. We aim to mitigate these risks by adopting a longer-than-usual > depreciation period with console warnings/issues and a reverse origin > trial. > > Good news is usage is down to ~0.0223% > <https://chromestatus.com/metrics/feature/popularity#V8SharedArrayBufferConstructedWithoutIsolation> > page loads and that other browsers have or are shipping SABs again gated > behind COOP/COEP. Bad news is that Chromium was the only browser that > supported SABs without COI, therefore we need to provide a migration path > to not break existing sites. > > Looking at > https://chromestatus.com/metrics/feature/timeline/popularity/3721 - it > seems that usage has ~doubled in the past month. Do you have any concerns > about this? Have you considered only allowing DT renewals for sites with > existing registrations (that's a new capability we have)? > > Gecko: Shipped/Shipping ( > https://bugzilla.mozilla.org/show_bug.cgi?id=1312446) > > WebKit: Added COOP/COEP and SAB support recently gated behind COOP/COEP > > Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, Chrome OS, Android, and Android WebView)? > > No - This OT is only for desktop, as this was the only platform where SABs > have been available without COOP/COEP. > > Android re-enabled SABs gated behind COOP/COEP: > https://chromestatus.com/feature/5171863141482496 > > Tracking bug > > https://bugs.chromium.org/p/chromium/issues/detail?id=1144104 > > Launch bug > > https://bugs.chromium.org/p/chromium/issues/detail?id=1138860 > > Blink-dev Thread > > Planning isolation requirements (COOP/COEP) for SharedArrayBuffer > <https://groups.google.com/a/chromium.org/g/blink-dev/c/_0MEXs6TJhg/m/QzWOGv7pAQAJ> > > I2S > <https://groups.google.com/a/chromium.org/g/blink-dev/c/1NKvbIj3dq4/m/nLcgUst-BQAJ> > > Link to entry on the Chrome Platform Status > > https://chromestatus.com/feature/4570991992766464 > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMKsNvrpixJJCauj5Y2ZKFezu%2BrMi5NGQ0PrHrcq-my5%2BxMr-w%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMKsNvrpixJJCauj5Y2ZKFezu%2BrMi5NGQ0PrHrcq-my5%2BxMr-w%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMKsNvp6KBM5LW1Vt8g1Zvz_K6mQtDk3BnB6NRj%2B96Hoxpud_A%40mail.gmail.com.
