This repository was archived by the owner on Jan 28, 2026. It is now read-only.
Add permissions policy section.
VergeA authored Jan 21, 2025
commit 365970afc58b1c7832f0bad6d8b7e5842301106f
12 changes: 10 additions & 2 deletions spec.bs
@@ -1880,6 +1880,9 @@ On the other hand, methods for getting data from the [=shared storage database=]
1. Let |context| be null.
1. If |globalObject| is a {{Window}}:
1. Set |context| to |globalObject|'s [=Window/browsing context=].
1. Let |document| be |context|'s [=active document=].
1. Let |origin| be |globalObject|'s [=relevant settings object=]'s [=environment settings object/origin=].
1. If the result of running [=Is feature enabled in document for origin?=] on "[=PermissionsPolicy/fenced-unpartitioned-storage-read=]", |document|, and |origin| is false, [=reject=] |promise| with an {{OperationError}}.
1. Let |navigable| be |globalObject|'s [=Window/navigable=].
1. If the result of [=determining if a navigable has fully revoked network=] given |navigable| is false, [=reject=] |promise| with an {{OperationError}}.
1. Else:
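Review bot: The new step "Let |document| be |context|'s [=active document=]" has no guard for a null |context|, and a {{Window}}'s browsing context is null once its document is detached, so the lookup is undefined in that case. Consider taking the document from |globalObject| directly (its associated Document), or rejecting |promise| early when |context| is null. Separately, the new policy step rejects |promise| but does not say to return or abort, so as written the algorithm continues into the |navigable| check after a policy failure; adding "and abort these steps" (or returning |promise|) would make the control flow explicit. Both the policy failure and the network-revocation failure reject with {{OperationError}}, so a caller cannot tell which gate refused the read; if that is deliberate, a short note saying so would help implementers.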
@@ -2392,9 +2395,14 @@ The [=obtain a lock manager=] algorithm should be prepended with the following s
Permissions Policy Integration {#permission}
============================================

This specification defines a [=policy-controlled feature=] identified by the string "<dfn for="PermissionsPolicy">shared-storage</dfn>," along with a second [=policy-controlled feature=] identified by "<dfn for="PermissionsPolicy">shared-storage-select-url</dfn>".
This specification defines three [=policy-controlled features=]:

"[=PermissionsPolicy/shared-storage=]" gates access to Shared Storage in general, whereas "[=shared-storage-select-url=]" adds an extra permission layer to {{SharedStorageWorklet/selectURL()}}. For each of these, the default allowlist is *.
1. "<dfn for="PermissionsPolicy">shared-storage</dfn>" gates access to Shared Storage in general.
1. "<dfn for="PermissionsPolicy">shared-storage-select-url</dfn>" adds an extra permission layer to {{SharedStorageWorklet/selectURL()}}
1. "<dfn for="PermissionsPolicy">fenced-unpartitioned-storage-read</dfn>" adds an extra permission layer to {{SharedStorage/get()}}, to
ensure it can only be invoked successfully from a {{Window}} if the {{Promise}} returned from {{Fence/disableUntrustedNetwork()}} has [=resolved=].

For each of these, the default allowlist is *.

Clear Site Data Integration {#clear}
====================================
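Review bot: The list item for "fenced-unpartitioned-storage-read" credits the policy feature with ensuring that {{SharedStorage/get()}} only succeeds after {{Fence/disableUntrustedNetwork()}} has resolved, but in the get() algorithm that guarantee comes from the separate "determining if a navigable has fully revoked network" step, not from the permissions policy check. Suggest rewording the item so the feature is described as an embedder-controlled gate on get() from a {{Window}}, with the network-revocation requirement stated as an additional, independent condition. The closing sentence gives this read-gating feature the same default allowlist of * as the other two; since it controls reads of unpartitioned data, a sentence explaining why * is acceptable here would be worth adding. Minor: the "shared-storage-select-url" item is missing its trailing period, unlike the items before and after it.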