whatwg / storage

Storage Standard
https://storage.spec.whatwg.org/

Callback on every site accessing non-cookie storage #165

Open amaliev opened 1 year ago

amaliev commented 1 year ago

I'm trying to get a callback for every site that accesses any form of non-cookie storage. Which is the best algorithm to monkey patch from the Storage spec? I'm considering "obtain a storage key", but I'm not clear on the flow. Is this algorithm called once the first time an origin accesses local or session storage, and never before then? Also, could the browser run this algorithm for a non-site reason?

CC @inexorabletash @asutherland

inexorabletash commented 1 year ago

(Apologies for a rambling reply; I'm feeling under the weather at the moment but this does raise good questions so I thought I'd weigh in.)

Integration of the actual storage endpoint API specs with Storage's bucket/bottle/etc model is very much a work in progress (at very low priority), and IMHO will likely require some tweaks to the Storage model. I believe the currently intended hook is defined in https://storage.spec.whatwg.org/#model and so you'd hook "obtain a storage bottle map".

But again, this is all very much spec fiction at the moment and I think it's fair to say (but I'm happy to be corrected!) that we haven't done the work to align the specs with reality or vice versa, so it's difficult to answer the "could the browser run this algorithm for a non-site reason?" question. For example, I think user-initiated clearing browsing data would count?

Non-storage APIs that need to follow the storage partitioning (e.g. BroadcastChannel, Web Locks, etc) also need a way to play here, and behind the scenes I assume the implementations use the storage keys, though that's not exported from Storage.

mkruisselbrink commented 1 year ago

> Non-storage APIs that need to follow the storage partitioning (e.g. BroadcastChannel, Web Locks, etc) also need a way to play here, and behind the scenes I assume the implementations use the storage keys, though that's not exported from Storage.

For such APIs, the storage spec currently exports the "obtain a storage key for non-storage purposes" definition: https://storage.spec.whatwg.org/#obtain-a-storage-key-for-non-storage-purposes, which at least BroadcastChannel already uses in the spec.