Closed xyaoinum closed 5 months ago
@pythagoraskitty: PTAL. Thanks! (After it's looking okay from your end, I will also request review from a spec mentor.)
Suggest we move the {#reporting} and {#budgets} subsubsections of {#window} up to be subsections of the {#worklet} section instead. I have no strong preference about the ordering within that section, but you could probably just tack them on the end of it after {#scope-algo}.
I've looked at most, except need to give a closer read to the new versions of selectURL()
and run()
sometime when I am less tired. :)
Hopefully will get to in the next couple of days. Otherwise looks good % comments.
Finished checking. Looks good % comments. :)
Thanks Cammie. I did some more changes around dividing the permissions checks, as explained in the comment above. PTAL again!
@domfarolino : PTAL from the spec's perspective. Thanks!
@domfarolino : friendly ping! Also adding @wanderview as an alternative reviewer, who may be able to cover the review this week when Dominic is OOO. Thanks! The idea is to make the spec good enough to unblock launch. We can track non-blocking issues separately if applicable.
Thanks @domfarolino for the detailed review. I've addressed / responded to your comments. PTAL again. Thanks!
@domfarolino For comment https://github.com/WICG/shared-storage/pull/131#discussion_r1508141219, strangely, there's no way to respond, so I'm writing my response here:
|workletOrigin|
is a valid URL's (i.e. |moduleURLRecord|
) origin. How can it be null? Do you mean opaque? In that case, opaque origin can be handled by "determine whether shared storage is allowed by context".
Also, I think it might make it more readable to put the [=addModule initiated=] check to be front of the algorithm, and assert that |worklet|'s [=worklet origin=]
is null afterwards. WDYT?
@domfarolino I addressed you last comments. PTAL again. Thanks!
Responding to https://github.com/WICG/shared-storage/pull/131#issuecomment-1972259132.
|workletOrigin| is a valid URL's (i.e. |moduleURLRecord|) origin. How can it be null? Do you mean opaque? In that case, opaque origin can be handled by "determine whether shared storage is allowed by context".
Hmm, I can't remember exactly what I was thinking, but I probably was responding to the PR when we handled the URL manually before steps 1-3 in https://html.spec.whatwg.org/C#dom-worklet-addmodule did all of the URL parsing work.
In that case, the URL could be invalid and I guess a failure (but not null, you're right)? Either way, it looks OK now, since we're doing this after HTML's addModule()
gets a first crack at parsing the URL.
Also, I think it might make it more readable to put the [=addModule initiated=] check to be front of the algorithm, and assert that |worklet|'s [=worklet origin=] is null afterwards. WDYT?
I think that sounds fine.
@domfarolino PTAL again. Thanks!
Also, responding to https://github.com/WICG/shared-storage/pull/131#discussion_r1520124784 here, as again, I see no way to respond to that comment inline: "re: I think you are right. The module map check is redundant. Switched to an [=Assert=]."
@domfarolino: I addressed / responded to you comments (other than the one waiting on @gtanzer). PTAL again. Thanks!
@domfarolino: I addressed / responded to your comments (% those that waiting for input from @pythagoraskitty and @gtanzer). PTAL again. Thanks!
@domfarolino I think all the comments are addresses / has a response. (and one confirmation question for @gtanzer : https://github.com/WICG/shared-storage/pull/131#discussion_r1532579499) PTAL again. Thanks!
@domfarolino friendly ping. Thanks! (Note also that I just updated this patch to include a "Shared-Storage-Worklet-Allowed: ?1" response header check, which was based on a security review feedback (i.e. relying solely on CORS isn't considered safe enough)).
Can you separate out the header code from this PR to review separately? I just want to avoid piling more things onto this CL which is already massive and difficult to review.
Btw has https://github.com/WICG/shared-storage/pull/131#discussion_r1525068567 been address anywhere? I don't see a way to respond to it directly right now, but I can't tell if it has been addressed or commented on really.
Edit: Yes it has, per https://github.com/WICG/shared-storage/pull/131#issuecomment-2048069601.
@domfarolino I addressed the comments, and took out the header part to make this patch smaller. PTAL again. Thanks! Also, responding to your comments below that I'm unable to respond inline:
For comment https://github.com/WICG/shared-storage/pull/131#discussion_r1559612418: I updated it to [=shared storage navigation budget charged=]" which I feel is more clear.
For https://github.com/WICG/shared-storage/pull/131#issuecomment-2047892683: Yes it's been addressed. The location is: "1. If |options|["resolveToConfig
"] is true, [=resolve=] |resultPromise| with |pendingConfig|."
@domfarolino I've addressed / responded to your comments. PTAL again. Thanks! @gtanzer Please confirm if my understanding in https://github.com/WICG/shared-storage/pull/131#discussion_r1563622906 is correct. Thanks!
Thanks for the thorough review @domfarolino . (For the last few comments, I think you might looked at an outdated version of the patch? The comments in question should have already been addressed.)
Applies to issue #2
const worklet = await sharedStorage.createWorklet(url, options)
. This can be used to start multiple and potentially cross-origin worklets from a single document.Preview | Diff