- From: Andrew Williams <notifications@github.com>
- Date: Fri, 25 Oct 2024 14:33:40 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/1783@github.com>
Partition Blob URL fetches by Storage Key
This change updates the spec to partition Blob URL fetches by Storage Key. This change is part of broader changes discussed in https://github.com/w3c/FileAPI/issues/153#issuecomment-2330085478. Specifically, we will also:
- Partition Blob URL revocation by storage key - https://github.com/w3c/FileAPI/pull/201
- Enforce noopener when a cross-top-level-site Blob URL is window.opened - TODO
I considered incorporating the Storage Key checks into the "resolve a blob URL" algorithm instead, but it seemed that this would require an environment settings object to be available as part of https://url.spec.whatwg.org/#url-parsing, and I'm not sure whether that is the case / a change we want.
- [x] At least two implementers are interested (and none opposed):
* Firefox has already implemented this - https://github.com/w3c/FileAPI/issues/153#issuecomment-2332288047
* Safari has implemented partitioning Blob URL fetches by top-level origin and is considering partitioning them by a site-based Storage Key (Storage Key specifics TBD) - https://github.com/w3c/FileAPI/issues/153#issuecomment-2332086739
- [x] [Tests](https://github.com/web-platform-tests/wpt) are written and can be reviewed and commented upon at:
* https://chromium-review.googlesource.com/c/chromium/src/+/5967596
- [ ] [Implementation bugs](https://github.com/whatwg/meta/blob/main/MAINTAINERS.md#handling-pull-requests) are filed:
* Chromium: https://crbug.com/40057646
* Gecko: TODO
* WebKit: TODO
* Deno (not for CORS changes): TODO
- [ ] [MDN issue](https://github.com/whatwg/meta/blob/main/MAINTAINERS.md#handling-pull-requests) is filed: TODO
- [x] The top of this comment includes a [clear commit message](https://github.com/whatwg/meta/blob/main/COMMITTING.md) to use. <!-- If you created this PR from a single commit, Github copied its message. Otherwise, you need to add a commit message yourself. -->
(See [WHATWG Working Mode: Changes](https://whatwg.org/working-mode#changes) for more details.)
<!--
This comment and the below content is programmatically generated.
You may add a comma-separated list of anchors you'd like a
direct link to below (e.g. #idl-serializers, #idl-sequence):
Don't remove this comment or modify anything below this line.
If you don't want a preview generated for this pull request,
just replace the whole of this comment's content by "no preview"
and remove what's below.
-->
***
<a href="https://whatpr.org/fetch/1783.html" title="Last updated on Oct 25, 2024, 9:33 PM UTC (f4f62bf)">Preview</a> | <a href="https://whatpr.org/fetch/1783/1dc1b03...f4f62bf.html" title="Last updated on Oct 25, 2024, 9:33 PM UTC (f4f62bf)">Diff</a>
You can view, comment on, or merge this pull request online at:
https://github.com/whatwg/fetch/pull/1783
-- Commit Summary --
* Partition Blob URL fetches by Storage Key
* Fix formatting per the style guide
* Fix build and formatting
* Add name to Acknowledgements section
-- File Changes --
M fetch.bs (50)
-- Patch Links --
https://github.com/whatwg/fetch/pull/1783.patch
https://github.com/whatwg/fetch/pull/1783.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1783
You are receiving this because you are subscribed to this thread.
Message ID: <whatwg/fetch/pull/1783@github.com>
Received on Friday, 25 October 2024 21:33:44 UTC