Mark IDBTransaction's commit() method as [SecureContext] ?

[inexorabletash]

As noted in https://github.com/w3c/IndexedDB/pull/242#issuecomment-427604894 by @asutherland the new commit() method on IDBTransaction would likely be marked [SecureContext] in Gecko to satisfy that org's policy.

We (at least, in the spec/in Chrome) didn't do this with IDBFactory's databases() method; in part because it allows maintenance of existing origin-scoped browsing data which may be present for non-secure origins.

I'm on the fence here. On the one hand, I'm sympathetic to the goals of driving everything towards secure contexts. On the other, it's weird to have methods within an overall API have different exposure just based on when they were introduced - yet another "gotcha!" for web developers.

I could probably be convinced to plop [SecureContext] in and it's not too late to add that in Chrome, and we can see if developers complain; I suspect modern development by anyone motivated enough to have an opinion is on secure contexts anyway, so the aesthetic/confusion argument is moot.

[inexorabletash]

TPAC 2019 WebApps breakout:

Per @asutherland, we should hold off. Not clear if Moz will push for requiring this attribute.

[inexorabletash]

TPAC 2019 Web Apps Indexed DB triage notes:

@asutherland - can you update when you have more data?

[inexorabletash]

@marcoscaceres - can you add @asutherland as a contributor or whatever magic would allow assigning this issue?

[marcoscaceres]

Done. @inexorabletash, made you repo admin also.

[asutherland]

We're sending out our intent to implement soon. Our implementing bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1497007 which should also get archival links to those mails once they go out. (Note that although a ton of patches have landed, those are just cleanups, the actual implementation has not landed.)