Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is this an error in the spec: Chromium using storage-access-api and not request-storage-access for permissions policy #104

Closed
summercms opened this issue May 23, 2022 · 4 comments
Closed

Is this an error in the spec: Chromium using storage-access-api and not request-storage-access for permissions policy #104

summercms opened this issue May 23, 2022 · 4 comments
Assignees
@johannhof

Comments

@summercms
Copy link

summercms commented May 23, 2022
edited
Loading

The spec say's:

The Storage Access API defines a policy-controlled feature identified by the string "request-storage-access". Its default allowlist is "*".

Link: https://privacycg.github.io/storage-access/#permissions-policy-integration

Yet in the Chromium source code says: the policy name is: storage-access-api and not request-storage-access ?

{
      name: "StorageAccessAPI",
      feature_default: "EnableForAll",
      permissions_policy_name: "storage-access-api",
      depends_on: ["StorageAccessAPI"],
},

Link: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/permissions_policy/permissions_policy_features.json5

Just wondering if there is an issue in the spec or not? Or is the code in Chromium wrong?

cc @johannhof As one of the editors and on the Chrome team.
This was referenced May 23, 2022
Closed
Closed
Closed
summercms added a commit to summercms/webappsec-permissions-policy that referenced this issue May 24, 2022
@summercms
Add storage-access-api / request-storage-access - need to update
051d656 
see issue: privacycg/storage-access#104
@johannhof
Copy link
Member

Thanks for noticing this and sorry for the delay! Given that neither Safari nor Firefox have shipped this name I think the spec should align with the only existing implementation. There were some concerns with the storage-access name in #12 but the -api part might help with that. I can make a PR for updating this in the spec.

@johannhof johannhof self-assigned this Jun 23, 2022
johannhof added a commit to johannhof/storage-access that referenced this issue Jul 18, 2022
@johannhof
Change permission policy feature name to "storage-access" (fixes priv…
d1d54fc 
…acycg#104)

This was discussed before in privacycg#12 and there was some valid concern around
the "storage-access" name based on the fact that this PP feature is more
focused on "requesting" storage access, and there is no delegation
mechanism like with other permissions that would make it semantically
consistent.

However, I think that in light of privacycg#32 and the possibility of integrating
with the permissions API (giving us important functionality such as
observing when storage access is granted) it seems more useful to be
consistent with the (future) permission name and call both "storage-access".
@johannhof
Copy link
Member

To follow up here, we'll rename this in Chromium to "storage-access" and I also made that change on the spec.

@CetinSert
Copy link

CetinSert commented Aug 14, 2022
edited
Loading

@johannhof – when is the Storage Access API shipping in Chrome?
Chrome is the only and most major browser still not shipping it:
https://caniuse.com/mdn-api_document_requeststorageaccess

@johannhof
Copy link
Member

Hi @CetinSert, I don't have a definitive date yet but we just sent out an intent to prototype for requestStorageAccessForSite in addition to the existing I2P from Microsoft Edge. It's easiest to follow the Chromestatus entries for both efforts for timely updates.

aarongable pushed a commit to chromium/chromium that referenced this issue Aug 17, 2022
@Brandr0id
Update SAA Permission Policy
aba6574 
With the update of the SAA spec and resolution of
privacycg/storage-access#104 this change
updates the in-code permission policy from `storage-access-api` to
`storage-access`.

Bug: 1332577
Change-Id: Ic07185b8d9e9d456d20aaee418af8b495574940b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3830029
Reviewed-by: Nicolas Arciniega <niarci@microsoft.com>
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Brandon Maslen <brandm@microsoft.com>
Reviewed-by: Chris Fredrickson <cfredric@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1036172}
mjfroman pushed a commit to mjfroman/moz-libwebrtc-third-party that referenced this issue Oct 14, 2022
@Brandr0id @copybara-github
Update SAA Permission Policy
19ceee0 
With the update of the SAA spec and resolution of
privacycg/storage-access#104 this change
updates the in-code permission policy from `storage-access-api` to
`storage-access`.

Bug: 1332577
Change-Id: Ic07185b8d9e9d456d20aaee418af8b495574940b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3830029
Reviewed-by: Nicolas Arciniega <niarci@microsoft.com>
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Brandon Maslen <brandm@microsoft.com>
Reviewed-by: Chris Fredrickson <cfredric@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1036172}
NOKEYCHECK=True
GitOrigin-RevId: aba6574d3e61a1648c85b30fcd34786fa89aac4d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@johannhof johannhof

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@CetinSert @johannhof @summercms