Re: [whatwg/fetch] Partition Blob URL fetches by Storage Key (PR #1783)

@domenic commented on this pull request.



> @@ -3133,6 +3133,32 @@ or an <a>implementation-defined</a> value.
 </div>
 
 
+<h3 id=storage-keys-for-requests>Storage keys for requests</h3>
+
+<p class=note>Requests made to Blob URLs (other than those corresponding to navigations) are
+prevented from succeeding if the <a spec=storage>storage key</a> of the
+<a>environment settings object</a> making the request is different than the
+<a spec=storage>storage key</a> of the <a>environment settings object</a> corresponding to where
+the Blob URL was created.

This feels like it would work better after line 5028, instead of near this algorithm.

> @@ -4978,6 +5004,29 @@ steps:
       <p class=note>The `<code>GET</code>` <a for=/>method</a> restriction serves no useful purpose
       other than being interoperable.
 
+     <li>
+      <p>Let <var>blobStorageKey</var> be the result of running
+      <a>obtain a storage key for non-storage purposes</a> with <var>blobURLEntry</var>'s
+      <a>environment settings object</a>.
+
+     <li>
+      <p>Let <var>requestStorageKey</var> be the result of
+      <a for=request>determining the storage key</a> given <var>request</var>.
+
+     <li>
+      <p>If all of the following conditions are true:
+
+      <ul class=brief>
+       <li><p><var>request</var>'s <a for=request>mode</a> is not "<code>navigate</code>"

```suggestion
       <li><p><var>request</var>'s <a for=request>mode</a> is not "<code>navigate</code>";
```

> +     <li>
+      <p>Let <var>blobStorageKey</var> be the result of running
+      <a>obtain a storage key for non-storage purposes</a> with <var>blobURLEntry</var>'s
+      <a>environment settings object</a>.
+
+     <li>
+      <p>Let <var>requestStorageKey</var> be the result of
+      <a for=request>determining the storage key</a> given <var>request</var>.
+
+     <li>
+      <p>If all of the following conditions are true:
+
+      <ul class=brief>
+       <li><p><var>request</var>'s <a for=request>mode</a> is not "<code>navigate</code>"
+
+       <li><p><var>requestStorageKey</var> is non-null

```suggestion
       <li><p><var>requestStorageKey</var> is non-null; and
```

> +      <a>environment settings object</a>.
+
+     <li>
+      <p>Let <var>requestStorageKey</var> be the result of
+      <a for=request>determining the storage key</a> given <var>request</var>.
+
+     <li>
+      <p>If all of the following conditions are true:
+
+      <ul class=brief>
+       <li><p><var>request</var>'s <a for=request>mode</a> is not "<code>navigate</code>"
+
+       <li><p><var>requestStorageKey</var> is non-null
+
+       <li><p><var>requestStorageKey</var> does not <a for="storage key">equal</a>
+       <var>blobStorageKey</var>

```suggestion
       <var>blobStorageKey</var>,
```

> @@ -4978,6 +5004,29 @@ steps:
       <p class=note>The `<code>GET</code>` <a for=/>method</a> restriction serves no useful purpose
       other than being interoperable.
 
+     <li>
+      <p>Let <var>blobStorageKey</var> be the result of running
+      <a>obtain a storage key for non-storage purposes</a> with <var>blobURLEntry</var>'s
+      <a>environment settings object</a>.

This should not link to the type definition of "environment settings object", but instead link to https://w3c.github.io/FileAPI/#blob-url-entry-environment .

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1783#pullrequestreview-2450455880
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1783/review/2450455880@github.com>

Received on Thursday, 21 November 2024 07:18:28 UTC