privacycg / storage-access

The Storage Access API
https://privacycg.github.io/storage-access/

Define storage access to be per-page. Handle when the user doesn't explicitly allow or deny. Fixes #3. Fixes #26. #27

Closed hober closed 4 years ago

Brandr0id commented 4 years ago

The change regarding https://github.com/privacycg/storage-access/issues/26 LGTM.

annevk commented 4 years ago

Thinking about this some more, I think what's missing here is some caching of this state on agent clusters or some such.

In particular, imagine the user opens https://site-a.example/ twice in different browsing context groups (i.e., no opener relation), called 1 and 2. And site-a embeds https://site-b.example/.

So site-b in 1 requests storage access and gets it. If site-b in 2 does hasStorageAccess() at this point it should not have changed, I think. If the user reloads 2, it should have changed.

hober commented 4 years ago

> Thinking about this some more, I think what's missing here is some caching of this state on agent clusters or some such.
>
> In particular, imagine the user opens https://site-a.example/ twice in different browsing context groups (i.e., no opener relation), called 1 and 2. And site-a embeds https://site-b.example/.
>
> So site-b in 1 requests storage access and gets it. If site-b in 2 does hasStorageAccess() at this point it should not have changed, I think. If the user reloads 2, it should have changed.

I think you're right. I'd like to address this in a followup patch, if that's okay.

annevk commented 4 years ago

Sure.
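
The two-tab scenario discussed above, as an added toy model that is not part of the thread or the specification: each embedded page caches its access flag at load time, so a grant obtained in browsing context group 1 only becomes visible in group 2 after a reload. The `Browser` and `EmbeddedPage` classes, the `userAllows` parameter and the synchronous return values are assumptions made for illustration (the real API returns promises).

```javascript
// Toy model (constructed for illustration; not the spec's algorithm).
// A grant is stored per (top-level site, embedded site) pair, but each
// embedded page caches its own access flag when it loads.
class Browser {
  constructor() {
    this.grants = new Set(); // persistent grants, keyed "top|embedded"
  }
  open(topSite, embeddedSite) {
    return new EmbeddedPage(this, topSite, embeddedSite);
  }
}

class EmbeddedPage {
  constructor(browser, topSite, embeddedSite) {
    this.browser = browser;
    this.key = `${topSite}|${embeddedSite}`;
    this.load();
  }
  // Navigation or reload: snapshot the persistent grant into the page.
  load() {
    this.cachedAccess = this.browser.grants.has(this.key);
  }
  hasStorageAccess() {
    return this.cachedAccess; // answers from the per-page cache only
  }
  // userAllows stands in for the prompt outcome (hypothetical parameter).
  requestStorageAccess(userAllows) {
    if (!userAllows) return false;
    this.browser.grants.add(this.key);
    this.cachedAccess = true; // only the requesting page flips immediately
    return true;
  }
}

function runScenario() {
  const browser = new Browser();
  const top = "https://site-a.example";
  const embed = "https://site-b.example";
  const page1 = browser.open(top, embed); // browsing context group 1
  const page2 = browser.open(top, embed); // browsing context group 2
  page1.requestStorageAccess(true); // site-b in 1 requests and gets access
  const beforeReload = page2.hasStorageAccess(); // 2 has not reloaded yet
  page2.load(); // user reloads 2
  const afterReload = page2.hasStorageAccess();
  return { page1: page1.hasStorageAccess(), beforeReload, afterReload };
}
```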