Add checks for not potentially trustworthy and "file" origins. #219

Open

@inexorabletash (Member) commented Jul 7, 2023

This aligns the spec with Chromium's behavior, namely that writes where the origin is not potentially trustworthy or is "file" scheme result in failure with a TypeError.

Resolves #193


@inexorabletash (Member, Author) commented:

This PR (as currently written) is purely to align the spec text w/ Chromium behavior. That doesn't mean we should merge it though! Notably:

  • Chromium doesn't error on read. Should it?
  • document.cookie prevents writes if the document is "cookie-averse". Alignment might be nice?
  • Needs tests!

@ayuishii (Collaborator) left a comment:

Thanks for the change!
I think this LGTM.

@inexorabletash (Member, Author) commented:

I looked briefly at tests just to capture Chrome's behavior - given the [SecureContext] requirement for the API I'm drawing a blank on exercising the "not potentially trustworthy" check from WPT given https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy .

A manual test for file: is doable. Ideas welcome.
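
Added example, not part of the PR or of anyone's comment in this thread: a JavaScript sketch of the write-time check the PR description states, showing why the "file" scheme needs its own test in addition to the trustworthiness test. The function names and sample URLs are constructed for illustration, and the trustworthiness function is a simplified model of the Secure Contexts algorithm linked above.

```javascript
// Added illustration. Function names are hypothetical, not from the spec or Chromium.

// Simplified model of the Secure Contexts "is origin potentially trustworthy"
// algorithm: https/wss, loopback addresses, localhost names and file: only.
// User-agent-configured trustworthy origins are not modelled.
function isPotentiallyTrustworthy(url) {
  const scheme = url.protocol.slice(0, -1);
  if (scheme === "https" || scheme === "wss") return true;
  const host = url.hostname.replace(/\.$/, "");
  if (/^127(\.\d{1,3}){3}$/.test(host) || host === "[::1]") return true;
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  // That algorithm returns "Potentially Trustworthy" for file:, so the
  // trustworthiness test alone never rejects a local file.
  return scheme === "file";
}

// The write-time check as the PR describes it: TypeError when the origin is
// not potentially trustworthy or when its scheme is "file".
function checkCookieWrite(documentUrl) {
  const url = new URL(documentUrl);
  if (!isPotentiallyTrustworthy(url)) {
    throw new TypeError("origin is not potentially trustworthy");
  }
  if (url.protocol === "file:") {
    throw new TypeError('origin has "file" scheme');
  }
  return "allowed";
}

// Returns "allowed" or the error as text, so outcomes are easy to compare.
function writeOutcome(documentUrl) {
  try {
    return checkCookieWrite(documentUrl);
  } catch (e) {
    return `${e.name}: ${e.message}`;
  }
}

// Constructed sample URLs.
for (const u of ["https://example.com/", "http://example.com/",
                 "http://localhost:8000/", "file:///home/user/test.html"]) {
  console.log(u, "->", writeOutcome(u));
}
```
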

Successfully merging this pull request may close these issues.

Add references to secure/insecure contexts/origins and clarify the case of local files.