>
> Hi Yao,

I see that https://github.com/WICG/shared-storage/pull/152 is still open,
> can that be landed before we ship this?

The PR landed just now.

Also, can you point to the tests for this change?

Yes.
cross-origin-worklet-select-url-and-verify-data-origin.tentative.https.sub.html
<https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/shared-storage/cross-origin-worklet-select-url-and-verify-data-origin.tentative.https.sub.html>
is
a representative one. You can find other relevant tests in the same
repository, by searching for "cross-origin".

Best,
Yao


On Wed, Apr 24, 2024 at 4:02 PM Chris Harrelson <chris...@chromium.org>
wrote:

> Thanks for the further explanation! It was very helpful.
>
> LGTM1, but please make sure to land that open PR before shipping.
>
> On Wed, Apr 24, 2024 at 10:48 AM Josh Karlin <jkar...@chromium.org> wrote:
>
>> Hey folks, I wanted to provide a bit more context on this change to help
>> clarify the intention and any associated risks.
>>
>> Today, when a third-party script runs on a page and wants to write data
>> to shared storage, or use their shared storage data (e.g., create an
>> aggregate report) under its own name, the script first needs to create a
>> x-origin iframe and pass the data to that frame. This is because the origin
>> used by shared storage is that of the context. This is cumbersome to the
>> developer. They have to create an iframe document to listen for data (e.g.,
>> via name attribute, url query param, or postMessage) and act on that data
>> (by writing to shared storage or starting a worklet). It's also terrible
>> for resource usage and performance (the browser needs to navigate, load a
>> document, and execute js).
>>
>> The primary focus of this change is to allow a third-party on a page to
>> invoke its own worklet (with access to its own storage) directly, bypassing
>> the need to create a x-origin iframe. This is accomplished by allowing
>> x-origin urls to be specified in a new API, `window.sharedStorage.
>> createWorklet
>> <https://github.com/WICG/shared-storage?tab=readme-ov-file#proposed-api-surface>`.
>> We are not changing the behavior of addModule, and we are not changing the
>> capabilities of worklets. We're just making it easier to create x-origin
>> worklets. In `createWorklet
>> <https://github.com/WICG/shared-storage?tab=readme-ov-file#proposed-api-surface>`,
>> if a x-origin URL is specified, the response will require both
>> `Shared-Storage-Cross-Origin-Worklet-Allowed: ?1` and CORS
>> (Access-Control-Allow-Origin). That is, embedding a x-origin worklet is
>> strictly opt-in. This is because a shared storage worklet has side-effects
>> (e.g., sending reports, or selecting a url) which also consumes budget, and
>> the worklet's origin may want to control who gets to use it. They should
>> also (always a challenge on the web) take care to ensure that the data that
>> they're receiving from the embedder is valid.
>>
>> Another useful aspect of introducing `createWorklet`, is that it allows a
>> document to host multiple shared storage worklets and call methods on them
>> individually. This makes it easier for pages that might have multiple teams
>> creating them, that don't necessarily want to coordinate their shared
>> storage worklet scripts.
>>
>> Best,
>>
>> Josh
>>
>>
>> On Wed, Apr 24, 2024 at 1:19 PM Josh Karlin <jkar...@chromium.org> wrote:
>>
>>>
>>>
>>> On Wed, Apr 24, 2024 at 11:52 AM Alex Russell <slightly...@chromium.org>
>>> wrote:
>>>
>>>> Hey Josh,
>>>>
>>>> I agree that it might not be helpful to ping Gecko and WebKit on this,
>>>> but it would still be helpful to update the TAG on how this design is
>>>> evolving.
>>>>
>>>
>>> Ack. I've updated the TAG thread
>>> <https://github.com/w3ctag/design-reviews/issues/747#issuecomment-2075450880>
>>> .
>>>
>>>
>>>>
>>>> From that perspective, I would expect the TAG to request that we
>>>> improve consistency by making cross-origin workers (not just worklets)
>>>> possible. Where are we at on that?
>>>>
>>>> Regards,
>>>>
>>>> Alex
>>>>
>>>> On Friday, April 19, 2024 at 12:58:17 PM UTC-7 Josh Karlin wrote:
>>>>
>>>>> On Fri, Apr 19, 2024 at 1:59 PM Vladimir Levin <vmp...@chromium.org>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Apr 19, 2024 at 12:52 PM Yao Xiao <yao...@chromium.org>
>>>>>> wrote:
>>>>>>
>>>>>>> *Contact emails*
>>>>>>> cam...@chromium.org
>>>>>>> jkar...@chromium.org
>>>>>>> yao...@chromium.org
>>>>>>> rohitgu...@google.com
>>>>>>> ashame...@google.com
>>>>>>>
>>>>>>> *Explainer*
>>>>>>> https://github.com/WICG/shared-storage
>>>>>>>
>>>>>>> *Specification*
>>>>>>> https://wicg.github.io/shared-storage/
>>>>>>>
>>>>>>> *Additional anticipated specification changes*
>>>>>>> https://github.com/WICG/shared-storage/pull/152
>>>>>>>
>>>>>>> *Blink component*
>>>>>>> Blink>Storage>SharedStorage
>>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3EStorage%3ESharedStorage&can=2>
>>>>>>>
>>>>>>> *Summary:*
>>>>>>> We plan to ship the following changes to the Shared Storage API:
>>>>>>>
>>>>>>>    - selectURL() and run() will be exposed on the
>>>>>>>    SharedStorageWorklet interface. When calling on the default scoped 
>>>>>>> worklet
>>>>>>>    (i.e. sharedStorage.worklet.selectURL()/run()), the behavior is 
>>>>>>> equivalent
>>>>>>>    to calling sharedStorage.selectURL()/run().
>>>>>>>    - Users can create new worklets via const worklet = await
>>>>>>>    sharedStorage.createWorklet(url, options). This API can be used to 
>>>>>>> start
>>>>>>>    multiple and potentially cross-origin worklets from a single 
>>>>>>> document.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *Risks*
>>>>>>> *Interoperability and Compatibility*
>>>>>>> The changes are fully backward compatible.
>>>>>>>
>>>>>>> Gecko: No signal
>>>>>>> WebKit: No signal
>>>>>>> Web developers: No signals
>>>>>>> Other signals:
>>>>>>>
>>>>>>
>>>>>> Is it possible to file position requests? (
>>>>>> https://bit.ly/blink-signals)
>>>>>>
>>>>>
>>>>>> Was there a TAG review filed for this as well?
>>>>>>
>>>>>
>>>>>
>>>>> Sorry, we should have specified that TAG, Gecko. and Webkit are
>>>>> negative on shared storage as a whole. So we did not ask for their opinion
>>>>> on this particular change.
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> *WebView application risks*
>>>>>>>
>>>>>>> *Does this intent deprecate or change behavior of existing APIs,
>>>>>>> such that it has potentially high risk for Android WebView-based
>>>>>>> applications?*None
>>>>>>>
>>>>>>> *Security*
>>>>>>> Because the worklet's context origin will be that of the origin of
>>>>>>> the script URL, both "Shared-Storage-Cross-Origin-Worklet-Allowed: ?1" 
>>>>>>> and
>>>>>>> CORS are required when fetching a x-origin worklet script. Even so, it 
>>>>>>> is
>>>>>>> important that worklet script creators understand the implications of 
>>>>>>> this.
>>>>>>> Their worklet, which accesses their origin's Shared Storage data, can be
>>>>>>> loaded and executed by a different party.
>>>>>>>
>>>>>>> *Privacy*
>>>>>>> In the case of creating or using a cross-origin worklet, if the
>>>>>>> worklet cannot be created because the user has denied storage for that
>>>>>>> site, then the promise will resolve (rather than reject) to prevent 
>>>>>>> leaking
>>>>>>> cross-site data. A caller may still use timing attacks to know this
>>>>>>> information, but this is a minor privacy issue, as in reality very few
>>>>>>> users would set such preferences, and doing a wide search would incur a
>>>>>>> significant performance cost spinning up the worklets.
>>>>>>>
>>>>>>> *Debuggability*
>>>>>>>
>>>>>>>    - Shared Storage database contents for an origin can be viewed
>>>>>>>    and modified within DevTools.
>>>>>>>    - Shared Storage worklet can be inspected within DevTools.
>>>>>>>
>>>>>>>
>>>>>>> *Will this feature be supported on all six Blink platforms (Windows,
>>>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)?*
>>>>>>> All but WebView
>>>>>>>
>>>>>>
>>>>>> Out of curiosity, why is WebView not supported for this?
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> *Is this feature fully tested by web-platform-tests
>>>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?*
>>>>>>> Yes
>>>>>>>
>>>>>>> *Finch feature name*
>>>>>>> SharedStorageAPIM125
>>>>>>>
>>>>>>> *Requires code in //chrome?*
>>>>>>> No
>>>>>>>
>>>>>>> *Estimated milestones*
>>>>>>> We intend to ship in M125.
>>>>>>>
>>>>>>> *Link to entry on the Chrome Platform Status*
>>>>>>> https://chromestatus.com/feature/5145686840705024
>>>>>>>
>>>>>>> --
>>>>>>> You received this message because you are subscribed to the Google
>>>>>>> Groups "blink-dev" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>> send an email to blink-dev+unsubscr...@chromium.org.
>>>>>>> To view this discussion on the web visit
>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/41ee180b-5822-40fe-ac15-1bb1c9715e05n%40chromium.org
>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/41ee180b-5822-40fe-ac15-1bb1c9715e05n%40chromium.org?utm_medium=email&utm_source=footer>
>>>>>>> .
>>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "blink-dev" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to blink-dev+unsubscr...@chromium.org.
>>>>>>
>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2O7c2%2B%2B12PtuAS%2BSfHx0%2B8X6SuA7mr6saW%3DRVhewXkUHw%40mail.gmail.com
>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2O7c2%2B%2B12PtuAS%2BSfHx0%2B8X6SuA7mr6saW%3DRVhewXkUHw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "blink-dev" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to blink-dev+unsubscr...@chromium.org.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/af749e5f-d3fb-4901-9427-f49efe95410cn%40chromium.org
>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/af749e5f-d3fb-4901-9427-f49efe95410cn%40chromium.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "blink-dev" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to blink-dev+unsubscr...@chromium.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAANMuaPuu4frRrmLq01eAsTAb2fMnQ_rZ3OJoz9dWd%3DVfQQBhA%40mail.gmail.com
>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAANMuaPuu4frRrmLq01eAsTAb2fMnQ_rZ3OJoz9dWd%3DVfQQBhA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALYudgV0qYjc9goCzdeSBjQpy0rLTZ2rem_KCWGNBs7MzMH5pQ%40mail.gmail.com.

Reply via email to