privacycg / nav-tracking-mitigations

Navigation-based Tracking Mitigations
https://privacycg.github.io/nav-tracking-mitigations/
35 stars 16 forks source link

Include storage access from dedicated and shared workers #57

Closed amaliev closed 1 year ago

amaliev commented 1 year ago

The current spec handles service worker activation as a storage access (similar to the cookie write / fetch case). But it doesn't account for the other two types of web workers - dedicated and shared workers. The general storage algorithm references the target navigable, but this doesn't work correctly for worker threads.

On a related note, there is a bug in the general storage access algorithm - target browsing context is null for loaded documents. Per wanderview@, the correct way to access the target navigable, in the general case, is:

1) Check if the environment is an environment settings object or not. If not, then its for a navigation request and you can use target browsing context. 2) If its an environment settings object then its either a document window or worker. In either case I think you can get to the global via the realm execution context or similar field. 3) The global will then either be a Window or a WorkerGlobal. The Window can trace to the navigable, the WorkerGlobal will need to be handled differently.