Re: [whatwg/fetch] Should network state be keyed beyond the top-level site (#1035) from Anne van Kesteren on 2021-09-22 (public-webapps-github@w3.org from September 2021)

From: Anne van Kesteren <notifications@github.com>
Date: Wed, 22 Sep 2021 04:49:36 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1035/924854625@github.com>

So from https://github.com/shivanigithub/http-cache-partitioning/issues/2 my best understanding is that Chrome uses

<top-frame-site, document-site>

as key for most network state, except for the HTTP cache where

<top-frame-site, document-site, is-iframe-navigation>

is used.

Per https://github.com/wanderview/quota-storage-partitioning/blob/main/explainer.md it seems that @wanderview et al plan to use <top-frame-site> for service workers and storage in general.

Wouldn't that mean that if you adopt service workers and cache resources therein you have a vulnerability you previously did not?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1035#issuecomment-924854625

Received on Wednesday, 22 September 2021 11:49:48 UTC