Contact emails v...@chromium.org cl...@chromium.org
Explainer https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k Specification https://tc39.github.io/ecma262/#sec-sharedarraybuffer-objects Design docs Including the new security requirements https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer Discussion how and what to gate https://github.com/whatwg/html/issues/4732 Summary ‘SharedArrayBuffers’ (SABs) on desktop platforms are restricted to cross-origin isolated environments, matching the behavior we've recently shipped on Android and Firefox. We've performed that change in Chrome 92. A reverse OT was started to give developers the option to use SABs in case they are not able to adopt cross origin isolation yet. We’ve worked with multiple internal and external users of the OT to understand their use cases and why they can’t adopt yet. With COEP:credentialless and iframes credentialless now available, the SAB non COI usage went further down. Unfortunately, the cascading requirements of COEP are still a blocker for COI adoption. Some of the users of the OT rely heavily on credentialled cross-origin subresources, so credentialless modes are not an option for them. And their apps are complex enough that they are still blocked on child iframes supporting COEP. To address this, we’ve explored ways of enabling COI that would take advantage of process isolation in order to waive requirements on child frames to enforce COEP. We’ve sent out the I2P for Document-Isolation-Policy and are aiming to OT it starting with M128. Giving developers 3 milestones to verify and provide feedback, we’re aiming for a release in M131. As we know the cascading is the final blocker for COI adoption and therefore SAB usage on Desktop, we’re asking to extend the OT to M131. Blink component Blink>JavaScript <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EJavaScript> Search tags SharedArrayBuffer <https://chromestatus.com/features#tags:SharedArrayBuffer> , SAB <https://chromestatus.com/features#tags:SAB> TAG reviewhttps://github.com/w3ctag/design-reviews/issues/471 TAG review statusClosed RisksInteroperability and Compatibility We expect this change to negatively impact developers using `SharedArrayBuffer` today. Chrome was the only platform where SABs have been available without COOP/COEP. Therefore we need to give developers the right capabilities and a clear path forward to ensure they have enough time to adopt. We aim to mitigate these risks by adopting a longer-than-usual depreciation period with console warnings/issues and a reverse origin trial. Good news is usage is down to ~0.0777% <https://chromestatus.com/metrics/feature/popularity#V8SharedArrayBufferConstructedWithoutIsolation> page loads and that other browsers have or are shipping SABs again gated behind COOP/COEP. Bad news is that Chromium was the only browser that supported SABs without COI, therefore we need to provide a migration path to not break existing sites. Gecko: Shipped/Shipping ( https://bugzilla.mozilla.org/show_bug.cgi?id=1312446) WebKit: Added COOP/COEP and SAB support recently gated behind COOP/COEP Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? No - This OT is only for desktop, as this was the only platform where SABs have been available without COOP/COEP. Android re-enabled SABs gated behind COOP/COEP: https://chromestatus.com/feature/5171863141482496 Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=1144104 Launch bug https://bugs.chromium.org/p/chromium/issues/detail?id=1138860 Blink-dev Thread Planning isolation requirements (COOP/COEP) for SharedArrayBuffer <https://groups.google.com/a/chromium.org/g/blink-dev/c/_0MEXs6TJhg/m/QzWOGv7pAQAJ> I2S <https://groups.google.com/a/chromium.org/g/blink-dev/c/1NKvbIj3dq4/m/nLcgUst-BQAJ> Link to entry on the Chrome Platform Status https://chromestatus.com/feature/4570991992766464 -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMKsNvrmoF0hRkDzA3U0pVW-dXHvWZ1Objr4eABsy%2BJOPgmJUg%40mail.gmail.com.
