From 86d8585f61c6534a299753bd6e76e1055cbc634a Mon Sep 17 00:00:00 2001 From: Andrew Verge Date: Thu, 23 Jan 2025 08:29:49 -0500 Subject: [PATCH] Fix preferences error and documentation sections. --- spec.bs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec.bs b/spec.bs index 57c3a57..38d4b88 100644 --- a/spec.bs +++ b/spec.bs @@ -225,7 +225,7 @@ Introduction {#intro} In order to prevent cross-site user tracking, browsers are partitioning all forms of storage by [=top-level traversable=] site; see [=Client-Side Storage Partitioning=]. But, there are many [=legitimate use cases=] currently relying on unpartitioned storage. This document introduces a new storage API that is intentionally not partitioned by [=top-level traversable=] site (though still partitioned by context origin), in order to serve a number of the use cases needing unpartitioned storage. To limit cross-site reidentification of users, data in Shared Storage may only be read in two restricted environments. One such environment is called a worklet, and any output from the worklet is in the form of a [=fenced frame=] or a [=Private Aggregation=] report. Over time, there may be additional worklet output gates included in the standard. -The other restricted environment is a [=fenced frame=] in which {{Fence/disableUntrustedNetwork()}} has resolved successfully, which prevent the read data from being shared outside the frame. +The other restricted environment is within a [=fenced frame=]'s content after it resolves a call to {{Fence/disableUntrustedNetwork()}}, which prevents the read data from being shared outside the frame.
`a.example` randomly assigns users to groups in a way that is consistent cross-site. @@ -320,7 +320,7 @@ When {{Worklet/addModule()}} is called for a worklet, it will run [=check if add - For creating a worklet, |environment| is the [=environment settings object=] associated with the {{Window}} that created the worklet, and |origin| is the module script url's [=url/origin=]. - For running operations on a worklet (from a {{Window}}), |environment| is the [=environment settings object=] associated with the {{Window}} that created the worklet, and |origin| is the worklet's [=global scopes=][0]'s [=global object/realm=]'s [=realm/settings object=]'s [=environment settings object/origin=]. - For [[#setter]], |environment| is either the current context (when called from a {{Window}}) or the [=environment settings object=] associated with the {{Window}} that created the worklet (when called from a {{SharedStorageWorkletGlobalScope}}), and |origin| is |environment|'s [=environment settings object/origin=]. - - For {{SharedStorage/get()}}, |environment| is either the current context (when called from a {{Window}}) or the [=environment settings object=] associated with the active {{Window}} of the {{SharedStorageWorkletGlobalScope}}, and |origin| is |environment|'s [=environment settings object/origin=]. + - For {{SharedStorage/get()}} invoked from a {{Window}} (which can only succed in a [=fenced frame=]), |environment| is the current context, and |origin| is |environment|'s [=environment settings object/origin=]. - For [[#ss-fetch-algo]], |environment| is the request's [=request/window=], and |origin| is the request's [=request/current URL=]'s [=url/origin=]. - For [[#ss-fetch-algo]], for {{SharedStorage/createWorklet()}} called with a cross-origin worklet script using the dataOrigin option with value `"script-origin"` (which would result in a worklet where [=SharedStorageWorklet/has cross-origin data origin=] is true), and for {{SharedStorageWorklet/selectURL()}} and {{SharedStorageWorklet/run()}} that operate on a worklet where [=SharedStorageWorklet/has cross-origin data origin=] is true, |allowedInOpaqueOriginContext| is true. For other methods, |allowedInOpaqueOriginContext| is false.
@@ -1893,7 +1893,7 @@ Note: The [=determine if a navigable has fully revoked network=] algorithm ensur 1. Set |environment| to |context|'s [=active window=]'s [=relevant settings object=]. 1. Let |allowedInOpaqueOriginContext| be false. 1. If the result of running [=determine whether shared storage is allowed by context=] given |environment|, |environment|'s [=environment settings object/origin=], and |allowedInOpaqueOriginContext| is false, [=reject=] |promise| with a {{TypeError}}. - 1. If the result of running [=check if user preference setting allows access to shared storage=] given |environment| and |environment|'s [=environment settings object/origin=] is false, [=reject=] |promise| with a {{TypeError}}. + 1. If the result of running [=check if user preference setting allows access to shared storage=] given |environment| and |environment|'s [=environment settings object/origin=] is false, [=reject=] |promise| with an {{OperationError}}. 1. Let |document| be |context|'s [=active document=]. 1. If the result of running [=Is feature enabled in document for origin?=] on "[=PermissionsPolicy/fenced-unpartitioned-storage-read=]", |document|, and |environment|'s [=environment settings object/origin=] is false, [=reject=] |promise| with an {{OperationError}}. 1. Let |navigable| be |document|'s [=node navigable=]. @@ -2408,7 +2408,7 @@ The [=obtain a lock manager=] algorithm should be prepended with the following s Permissions Policy Integration {#permission} ============================================ -This specification defines three [=policy-controlled features=]. +This specification defines three [=policy-controlled features=] identified by the following strings: shared-storage" gates access to Shared Storage in general.