Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Partition Blob URL fetches by Storage Key #1783

Merged
merged 11 commits into from
Dec 9, 2024
Merged

Partition Blob URL fetches by Storage Key #1783

merged 11 commits into from
Dec 9, 2024

Conversation

recvfrom
Copy link
Contributor

@recvfrom recvfrom commented Oct 25, 2024

Partition Blob URL fetches by Storage Key

This change updates the spec to partition Blob URL fetches by Storage Key. This change is part of broader changes discussed in w3c/FileAPI#153 (comment). Specifically, we will also:

I considered incorporating the Storage Key checks into the "resolve a blob URL" algorithm instead, but it seemed that this would require an environment settings object to be available as part of https://url.spec.whatwg.org/#url-parsing, and I'm not sure whether that is the case / a change we want.

(See WHATWG Working Mode: Changes for more details.)


Preview | Diff

@recvfrom
Copy link
Contributor Author

@annevk would you be able to look at this PR as well? Or could you recommend another reviewer? Thank you!

@recvfrom
Copy link
Contributor Author

@domenic would you mind taking a look at this when you have a chance?

fetch.bs Outdated
prevented from succeeding if the <a spec=storage>storage key</a> of the
<a>environment settings object</a> making the request is different than the
<a spec=storage>storage key</a> of the <a>environment settings object</a> corresponding to where
the Blob URL was created.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This feels like it would work better after line 5028, instead of near this algorithm.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking this would make sense in the Infrastructure section like how the HTTP cache partitioning section and determine the HTTP cache partition algorithm are, but I've moved the algorithm under the Scheme fetch section now (and removed the note since it seems kinda out of place now. WDYT?

fetch.bs Outdated Show resolved Hide resolved
fetch.bs Outdated Show resolved Hide resolved
fetch.bs Outdated Show resolved Hide resolved
fetch.bs Outdated Show resolved Hide resolved
Copy link
Member

@domenic domenic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-editor LGTM

fetch.bs Outdated Show resolved Hide resolved
@annevk
Copy link
Member

annevk commented Nov 22, 2024

I'm a little worried about this approach as it means obtaining and revoking are maintained in independent specifications, but need to be kept synchronized to maintain the privacy and security boundary.

I think a more ideal setup would be that File API keeps the Blob objects out of reach (i.e., they're no longer directly accessible from a 'blob URL entry') and instead exposes some kind of "obtain" algorithm that we hand the 'blob URL entry' and current 'environment' (or maybe a storage key). That way File API can stay in charge of obtaining and revoking and most of the logic associated with that. And Fetch can mainly concern itself with translating a Blob into a response.

@domenic
Copy link
Member

domenic commented Nov 22, 2024

It looks like there aren't too many references to the blob URL entry's object... https://dontcallmedom.github.io/webdex/o.html#object%40%40blob%20URL%20entry%40dfn

@annevk
Copy link
Member

annevk commented Nov 22, 2024

Nice, the HTML find is legit and would also need to be updated I suspect. It would benefit from having the obtaining defined in File API so there's less need for duplication. Reporting API seems bogus: w3c/reporting#273. Web Authentication API seems similarly bogus: w3c/webauthn#2212.

@recvfrom
Copy link
Contributor Author

Thanks for the feedback, I've updated my FileAPI PR [1] to expose an obtain algorithm as recommended here, and I've updated this PR to use it. One question I thought more about was what to do when the request doesn't have an associated environment... It seems like for Blob URLs we should allow navigations to bypass the partitioning checks, but otherwise we should just fail (this seems in line with the Chromium implementation at least). WDYT?

[1] https://github.com/w3c/FileAPI/pull/201/files

@recvfrom
Copy link
Contributor Author

A draft PR for the HTML spec change is at: whatwg/html#10792

Copy link
Member

@annevk annevk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for reworking this so quickly!

fetch.bs Outdated Show resolved Hide resolved
fetch.bs Outdated Show resolved Hide resolved
fetch.bs Outdated Show resolved Hide resolved
Copy link
Member

@annevk annevk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again for improving this aspect of blob: URLs!

fetch.bs Outdated Show resolved Hide resolved
fetch.bs Outdated Show resolved Hide resolved
@recvfrom
Copy link
Contributor Author

recvfrom commented Dec 6, 2024

Thanks again for improving this aspect of blob: URLs!

NP, thanks for all of your helpful review feedback and guidance!

annevk pushed a commit to whatwg/html that referenced this pull request Dec 9, 2024
As suggested in whatwg/fetch#1783 (comment), this change updates an existing use of blob URL entry's object so that the "obtain a blob object" algorithm is used instead. This algorithm was added in w3c/FileAPI#201.
@annevk annevk merged commit 0ce45ae into whatwg:main Dec 9, 2024
2 checks passed
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request Dec 10, 2024
Associated spec PRs:
 - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key
 - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key
 - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs

Bug: 40057646
Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b
aarongable pushed a commit to chromium/chromium that referenced this pull request Dec 10, 2024
Associated spec PRs:
 - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key
 - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key
 - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs

Bug: 40057646
Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5967596
Reviewed-by: Steven Bingler <[email protected]>
Commit-Queue: Andrew Williams <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1394563}
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request Dec 10, 2024
Associated spec PRs:
 - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key
 - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key
 - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs

Bug: 40057646
Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5967596
Reviewed-by: Steven Bingler <[email protected]>
Commit-Queue: Andrew Williams <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1394563}
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request Dec 11, 2024
Associated spec PRs:
 - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key
 - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key
 - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs

Bug: 40057646
Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5967596
Reviewed-by: Steven Bingler <[email protected]>
Commit-Queue: Andrew Williams <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1394563}
moz-v2v-gh pushed a commit to mozilla/gecko-dev that referenced this pull request Dec 13, 2024
…PTs permanent, a=testonly

Automatic update from web-platform-tests
[Blob URL] Make tentative partitioning WPTs permanent

Associated spec PRs:
 - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key
 - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key
 - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs

Bug: 40057646
Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5967596
Reviewed-by: Steven Bingler <[email protected]>
Commit-Queue: Andrew Williams <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1394563}

--

wpt-commits: 949cc8c7c7067de75af00d1ba60d6921582f9c5d
wpt-pr: 49629
i3roly pushed a commit to i3roly/firefox-dynasty that referenced this pull request Dec 14, 2024
…PTs permanent, a=testonly

Automatic update from web-platform-tests
[Blob URL] Make tentative partitioning WPTs permanent

Associated spec PRs:
 - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key
 - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key
 - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs

Bug: 40057646
Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5967596
Reviewed-by: Steven Bingler <[email protected]>
Commit-Queue: Andrew Williams <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1394563}

--

wpt-commits: 949cc8c7c7067de75af00d1ba60d6921582f9c5d
wpt-pr: 49629
gecko-dev-updater pushed a commit to marco-c/gecko-dev-wordified-and-comments-removed that referenced this pull request Dec 16, 2024
…PTs permanent, a=testonly

Automatic update from web-platform-tests
[Blob URL] Make tentative partitioning WPTs permanent

Associated spec PRs:
 - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key
 - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key
 - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs

Bug: 40057646
Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5967596
Reviewed-by: Steven Bingler <binglerchromium.org>
Commit-Queue: Andrew Williams <awilliachromium.org>
Cr-Commit-Position: refs/heads/main{#1394563}

--

wpt-commits: 949cc8c7c7067de75af00d1ba60d6921582f9c5d
wpt-pr: 49629

UltraBlame original commit: eeba0835a846042567009b99eb22224cfacd0380
gecko-dev-updater pushed a commit to marco-c/gecko-dev-comments-removed that referenced this pull request Dec 16, 2024
…PTs permanent, a=testonly

Automatic update from web-platform-tests
[Blob URL] Make tentative partitioning WPTs permanent

Associated spec PRs:
 - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key
 - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key
 - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs

Bug: 40057646
Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5967596
Reviewed-by: Steven Bingler <binglerchromium.org>
Commit-Queue: Andrew Williams <awilliachromium.org>
Cr-Commit-Position: refs/heads/main{#1394563}

--

wpt-commits: 949cc8c7c7067de75af00d1ba60d6921582f9c5d
wpt-pr: 49629

UltraBlame original commit: eeba0835a846042567009b99eb22224cfacd0380
gecko-dev-updater pushed a commit to marco-c/gecko-dev-wordified that referenced this pull request Dec 16, 2024
…PTs permanent, a=testonly

Automatic update from web-platform-tests
[Blob URL] Make tentative partitioning WPTs permanent

Associated spec PRs:
 - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key
 - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key
 - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs

Bug: 40057646
Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5967596
Reviewed-by: Steven Bingler <binglerchromium.org>
Commit-Queue: Andrew Williams <awilliachromium.org>
Cr-Commit-Position: refs/heads/main{#1394563}

--

wpt-commits: 949cc8c7c7067de75af00d1ba60d6921582f9c5d
wpt-pr: 49629

UltraBlame original commit: eeba0835a846042567009b99eb22224cfacd0380
ErichDonGubler pushed a commit to erichdongubler-mozilla/firefox that referenced this pull request Dec 19, 2024
…PTs permanent, a=testonly

Automatic update from web-platform-tests
[Blob URL] Make tentative partitioning WPTs permanent

Associated spec PRs:
 - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key
 - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key
 - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs

Bug: 40057646
Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5967596
Reviewed-by: Steven Bingler <[email protected]>
Commit-Queue: Andrew Williams <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1394563}

--

wpt-commits: 949cc8c7c7067de75af00d1ba60d6921582f9c5d
wpt-pr: 49629
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

3 participants