You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -279,7 +280,7 @@ The {{SharedStorageWorklet}} object allows developers to supply [=module scripts
279
280
280
281
Each {{SharedStorageWorklet}} has an associated boolean <dfn for="SharedStorageWorklet">addModule initiated</dfn>, initialized to false.
281
282
282
-
Each {{SharedStorageWorklet}} has an associated {{SharedStorageDataOrigin}}<dfn for="SharedStorageWorklet">data origin</dfn>, initialized to `"context-origin"`.
283
+
Each {{SharedStorageWorklet}} has an associated {{USVString}}<dfn for="SharedStorageWorklet">data origin</dfn>, initialized to `"context-origin"`.
283
284
284
285
Each {{SharedStorageWorklet}} has an associated boolean <dfn for="SharedStorageWorklet">has cross-origin data origin</dfn>, initialized to false.
285
286
@@ -322,6 +323,10 @@ When {{Worklet/addModule()}} is called for a worklet, it will run [=check if add
322
323
1. Set |worklet|'s [=addModule initiated=] to true.
323
324
1. Let |workletDataOrigin| be the [=current settings object=]'s [=environment settings object/origin=].
324
325
1. If |worklet|'s [=SharedStorageWorklet/data origin=] is `"script-origin"`, set |workletDataOrigin| to |moduleURLRecord|'s [=url/origin=].
326
+
1. Otherwise, if |worklet|'s [=SharedStorageWorklet/data origin=] is not `"context-origin"`:
327
+
1. Let |customOriginUrl| be the result of running a [=URL parser=] on |worklet|'s [=SharedStorageWorklet/data origin=].
328
+
1. If |customOriginUrl| is not a valid [=/URL=], return "DisallowedDueToNonPreferenceError".
329
+
1. Set |workletDataOrigin| to |customOriginUrl|'s [=url/origin=].
325
330
1. Let |hasCrossOriginDataOrigin| be false.
326
331
1. If |workletDataOrigin| and the [=current settings object=]'s [=environment settings object/origin=] are not [=same origin=], then set |hasCrossOriginDataOrigin| to true.
327
332
1. Let |allowedInOpaqueOriginContext| be |hasCrossOriginDataOrigin|.
@@ -636,10 +641,14 @@ Moreover, each {{SharedStorageWorklet}}'s [=global scopes|list of global scopes=
636
641
1. If |workletGlobalScope| is not {{SharedStorageWorkletGlobalScope}}, return |origin|.
637
642
1. [=Assert=] that |worklet| is a {{SharedStorageWorklet}}.
638
643
1. If |worklet|'s [=SharedStorageWorklet/data origin=] is `"context-origin"`, return <var ignore=''>outsideSettings</var>'s [=environment settings object/origin=].
639
-
1. Let |pendingAddedModules| be a [=list/clone=] of |worklet|'s [=added modules list=].
640
-
1. [=Assert=]: |pendingAddedModules|'s [=list/size=] is 1.
641
-
1. Let |moduleURL| be |pendingAddedModules|[0].
642
-
1. Return |moduleURL|'s [=url/origin=].
644
+
1. Otherwise, if [=SharedStorageWorklet/data origin=] is `"script-origin"`:
645
+
1. Let |pendingAddedModules| be a [=list/clone=] of |worklet|'s [=added modules list=].
646
+
1. [=Assert=]: |pendingAddedModules|'s [=list/size=] is 1.
647
+
1. Let |moduleURL| be |pendingAddedModules|[0].
648
+
1. Return |moduleURL|'s [=url/origin=].
649
+
1. Otherwise, let |customOriginUrl| be the result of running a [=URL parser=] on [=SharedStorageWorklet/data origin=].
650
+
1. [=Assert=] |customOriginUrl| is a valid [=/URL=].
651
+
1. Return |customOriginUrl|'s [=url/origin=].
643
652
644
653
......
645
654
@@ -695,6 +704,57 @@ Moreover, each {{SharedStorageWorklet}}'s [=global scopes|list of global scopes=
695
704
This rationale also applies to the handling for user preferences error for {{SharedStorageWorklet/selectURL()}} and {{SharedStorageWorklet/run()}}.
696
705
</div>
697
706
707
+
After the step "Let <var ignore=''>addedSuccessfully</var> be false", we need to include the following step:
708
+
709
+
4. If |this| is of type {{SharedStorageWorklet}}, [=SharedStorageWorklet/has cross-origin data origin=] is true, and [=SharedStorageWorklet/data origin=] is not `"script-origin"`:
710
+
1. [=Assert=] |pendingTasks| is 1.
711
+
1. Set |pendingTasks| to 2.
712
+
1. [=Queue a global task=] on the [=networking task source=] given <var ignore=''>workletGlobalScope</var> to perform the following steps:
713
+
1. Let |customOriginUrl| be the result of running a [=URL parser=] on [=SharedStorageWorklet/data origin=].
714
+
1. [=Assert=] |customOriginUrl| is a valid [=/URL=].
715
+
1. Set |customOriginUrl|'s [=url/path=] to ≪".well-known", "shared-storage", "trusted-origins"≫.
716
+
1. Let |request| be a new [=/request=] whose [=request/URL=] is |customOriginUrl|, [=request/mode=] is `"cors"`, [=request/referrer=] is `"client"`, [=request/destination=] is `"json"`, [=request/initiator type=] is `"script"`, and [=request/client=] is |outsideSettings|.
717
+
1. [=Fetch=] |request| with [=fetch/processResponseConsumeBody=] set to the following algorithm, given [=/response=] |response| and null, failure or a [=/byte sequence=] |bodyBytes|:
718
+
1. If any of the following are true:
719
+
* |bodyBytes| is null or failure; or
720
+
* |response|'s [=response/status=] is not an [=ok status=],
721
+
722
+
then:
723
+
1. Set |pendingTasks| to −1.
724
+
1. [=Reject=] |promise| with an "TypeError" DOMException.
725
+
1. Abort these steps.
726
+
1. Let |mimeType| be the result of [=extracting a MIME type=] from |response|'s [=response/header list=].
727
+
1. If |mimeType| is not a [=JSON MIME type=], then:
728
+
1. Set |pendingTasks| to −1.
729
+
1. [=Reject=] |promise| with an "TypeError" DOMException.
730
+
1. Abort these steps.
731
+
1. Let |sourceText| be the result of [=UTF-8 decoding=] |bodyBytes|.
732
+
1. Let |parsed| be the result of [=parsing a JSON string to an Infra value=] given |sourceText|.
733
+
1. If |parsed| is not a [=list=] or if |parsed| is [=list/empty=], then:
734
+
1. Set |pendingTasks| to −1.
735
+
1. [=Reject=] |promise| with an "TypeError" DOMException.
736
+
1. Abort these steps.
737
+
1. Let |doesMatch| be false.
738
+
1. For each |item| of |parsed|:
739
+
1. If |item| is not an [=ordered map=], or if |item| does not [=map/contain=] `scriptOrigin`, or if |item| does not [=map/contain=] `contextOrigin`:
740
+
1. Set |pendingTasks| to −1.
741
+
1. [=Reject=] |promise| with an "TypeError" DOMException.
742
+
1. Abort these steps.
743
+
1. Let |doesMatch| be the result of running [=check for script and context origin match=] on |item|[`scriptOrigin`], <var ignore=''>moduleURLRecord</var>'s [=url/origin=], |item|[`contextOrigin`], and |outsideSettings|'s [=environment settings object/origin=].
744
+
1. If |doesMatch| is true:
745
+
1. [=Queue a global task=] on the [=networking task source=] given |this|'s [=relevant global object=] to perform the following steps:
746
+
1. If |pendingTasks| is not −1, then:
747
+
1. Set |pendingTasks| to |pendingTasks| − 1.
748
+
1. If |pendingTasks| is 0, perform the following steps:
749
+
1. If |workletGlobalScope| has an associated boolean [=addModule success=], set |workletGlobalScope|'s [=addModule success=] to true.
750
+
1. [=Resolve=] |promise|.
751
+
1. Break.
752
+
1. If |doesMatch| is false, then:
753
+
1. Set |pendingTasks| to −1.
754
+
1. [=Reject=] |promise| with an "TypeError" DOMException.
755
+
756
+
Note: If the worklet data origin is different from the current context and the script origin, an additional check is performed. This involves fetching a configuration file from the worklet data origin to verify that the current context is allowed to load the worklet with the script and perform operations.
757
+
698
758
The penultimate step (i.e. the final indented step), currently "If |pendingTasks| is 0, then [=resolve=] |promise|.", should be updated to:
699
759
700
760
2. If |pendingTasks| is 0, perform the following steps:
@@ -731,6 +791,36 @@ Moreover, each {{SharedStorageWorklet}}'s [=global scopes|list of global scopes=
731
791
time, each with a different batching scope and debug scope. However,
732
792
only one can be currently executing.
733
793
794
+
795
+
A <dfn>trusted origin type</dfn> is a [=string=] or [=list=] of [=strings=].
796
+
797
+
<div algorithm>
798
+
To <dfn>check for script and context origin match</dfn>, given [=trusted origin type=] |itemScriptOrigin|, [=url/origin=] |actualScriptOrigin|, [=trusted origin type=] |itemContextOrigin|, and [=environment settings object/origin=] |actualContextOrigin|, peform the following steps:
799
+
800
+
1. If the result of running [=check for trusted origin match=], given |itemScriptOrigin| and |actualScriptOrigin| is false, return false.
801
+
1. Return the result of running [=check for trusted origin match=], given |itemContextOrigin| and |actualContextOrigin|.
802
+
</div>
803
+
804
+
<div algorithm>
805
+
To <dfn>check for trusted origin match</dfn>, given [=trusted origin type=] |itemOrigin| and [=url/origin=] |actualOrigin|, peform the following steps:
806
+
807
+
1. If |itemOrigin| is a [=string=], return the result of running [=check for trusted origin match on a string=], given |itemOrigin| and |actualOrigin|.
808
+
1. Otherwise, for each |originString| in |itemOrigin|:
809
+
1. If the result of running [=check for trusted origin match on a string=] given |originString| and |actualOrigin| is true, return true.
810
+
1. Return false.
811
+
</div>
812
+
813
+
814
+
<div algorithm>
815
+
To <dfn>check for trusted origin match on a string</dfn>, given [=string=] |itemOrigin| and [=url/origin=] |actualOrigin|, peform the following steps:
816
+
817
+
1. If |itemOrigin| is `"*"`, return true.
818
+
1. Let |itemOriginUrl| be the result of running a [=URL parser=] on |itemOrigin|.
819
+
1. If |itemOriginUrl| is not a valid [=/URL=], then return false.
820
+
1. If |itemOriginUrl|'s [=url/origin=] and |actualOrigin| are [=same origin=], return true.
821
+
1. Otherwise, return false.
822
+
</div>
823
+
734
824
<span class=todo>Add additional monkey patch pieces for out-of-process worklets.</span>
735
825
736
826
## The {{SharedStorageWorkletGlobalScope}} ## {#global-scope}
@@ -1355,7 +1445,7 @@ On the other hand, methods for getting data from the [=shared storage database=]
@@ -1759,9 +1849,10 @@ The IDL attribute {{HTMLSharedStorageWritableElementUtils/sharedStorageWritable}
1759
1849
1. [=Assert=] that |dataOriginUrl| is not failure.
1760
1850
1. [=Assert=] that |request|'s [=request/origin=] is not "<code>client</code>".
1761
1851
1. [=Assert=] that |request|'s [=request/origin=] and |request|'s [=request/URL=]'s [=url/origin=] are not [=same origin=].
1762
-
1. [=Assert=] that |dataOriginUrl|'s [=url/origin=] and |request|'s [=request/URL=]'s [=url/origin=] are [=same origin=].
1763
-
1. Let |responseHeaders| be |internalResponse|'s [=response/header list=].
1764
-
1. Let |allowed| be the result of running [=get a structured field value=] algorithm given [:Shared-Storage-Cross-Origin-Worklet-Allowed:], "item", and |responseHeaders| as input.
1852
+
1. Let |allowed| be true.
1853
+
1. If |dataOriginUrl|'s [=url/origin=] and |request|'s [=request/URL=]'s [=url/origin=] are [=same origin=]:
1854
+
1. Let |responseHeaders| be |internalResponse|'s [=response/header list=].
1855
+
1. Let |allowed| be the result of running [=get a structured field value=] algorithm given [:Shared-Storage-Cross-Origin-Worklet-Allowed:], "item", and |responseHeaders| as input.
1765
1856
1. If |allowed| is false, then return a [=network error=].
1766
1857
1. [=Handle a Shared-Storage-Write response=], given [=/response=] |internalResponse| and [=/request=]<var ignore=''>request</var> as input.
0 commit comments