search

WICG / Realms-Initialization-Control

Introduce security controls to same origin realms in web applications
MIT License
15 stars 0 forks source link

Are workers in scope? #5

Closed yoavweiss closed 2 months ago

yoavweiss commented 6 months ago

They are mentioned as part of the terminology definition, but aren't mentioned elsewhere.

weizman commented 6 months ago

Great question,

Workers are part of the terminology definition because they are an important example to properly explaining what realms are.

However, in context of this proposal, Workers aren't relevant because the same origin concern refers to realms that have synchronous access to each other's graph, and by that can access/manipulate each other's internal intrinsics, DOM, global object, execution environment and more.

Easiest way to test this mentally is by telling whether Array of another realm is accessible to your realm or not:

// in scope ("ƒ Array() { [native code] }")
document.body.appendChild(document.createElement('iframe')).contentWindow.Array;
open('about:blank').Array;

These techniques aren't relevant with Workers (no such access exists) and that's why they're out of scope here.

yoavweiss commented 6 months ago

Can't subworkers be used to e.g. grab overridden native prototypes from the global scope?

weizman commented 6 months ago

I'm not familiar with the term sub workers, but if you're referring to https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers then the answer is no

eligrey commented 4 months ago

I would like Web Workers to be in scope here. It helps support my use case for client-side network controls.

eligrey commented 2 months ago

@weizman You list "Application Monitoring" as a supported use case, yet you claim in this thread that solving the same-origin concern is the only supported use case in-scope. Workers are commonly used in web applications.

Please clarify.

weizman commented 2 months ago

Solving the same origin concern by introducing this change to browsers will help support monitoring use cases.

Leaving workers outside of scope does not make that statement less true.

I don't see the contradiction you suggest.

Please clarify.

And as for why it's left outside of scope, my reply in the thread above still stands, it's just a specific problem we're focusing on, and workers aren't part of it.

eligrey commented 2 months ago

Am I right to say that the only supported use cases are those that involve solving security aspects of the same-origin concern?