| 14:47 | <JakeA> | Does anyone know how `requestStorageAccess` works? As in, what happens to existing storage connections to things like idb and the cache API? Do storage events fire on localstorage as things change over? |
| 14:51 | <Domenic> | Let me just consult the spec for that... oh wait... |
| 14:53 | <JakeA> | indeed |
| 14:53 | <annevk> | JakeA: I have tried to get that moving, but that is not defined and at least I have not seen much coordination around it |
| 14:54 | <JakeA> | annevk: any idea what Firefox does? No worries if you don't know off the top of your head |
| 14:55 | <annevk> | JakeA: iirc there's "blocked", "third-party", and "first-party" as modes, I'm not sure you can migrate from "blocked" |
| 14:56 | <annevk> | JakeA: I think for localStorage you get new objects, but I haven't tested any of this in much detail as I was trying to get other people to work on it |
| 14:56 | <annevk> | I wouldn't take whatever we do as a requirement though |
| 14:57 | <JakeA> | annevk: Fair enough. I kinda wish `requestStorageAccess` returned a 'storage bucket' for the top-level origin. That'd solve the open-connections issue, but I guess it'd create lots of other problems. |
| 14:58 | <annevk> | JakeA: one thing I never really got clear in my head is what the threat model is during a transition |
| 14:58 | <annevk> | JakeA: it might be good to start there before figuring out API specifics |
| 14:59 | <JakeA> | True. Even in the current model you'll end up with a combination of data sources, even if some of them are just held in memory. |
| 14:59 | <annevk> | exactly |
| 15:53 | <hober> | JakeA annevk Domenic: sorry it's taken so long. we're going to spin up an issue tracker in the privacycg for it; it got pretty difficult to follow all the discussion in whatwg/html#3338. the output of that work will be an HTML PR. |
| 15:54 | <annevk> | hober: 🎉 |
| 15:56 | <JakeA> | hober: Cheers! Does Safari treat a `window.open`'d as third party, or is this fine since it's got the origin visible? |
| 15:58 | <hober> | JakeA: i don't know offhand |
| 15:58 | <JakeA> | No worries, I can give it a test |
| 17:08 | <littledan> | Domenic: It's great to see your work on origin policy. I'm wondering, is this hoped to enable ServiceWorker on first load eventually? |
| 17:09 | <Domenic> | littledan: I'm not aware of any such plans. We had Link: rel=serviceworker; at some point but unshipped that, so I assume the reasons for not pursuing service worker on first load are still valid. |
| 17:10 | <littledan> | Domenic: Do you have a good reference for this? I'm asking because I'm reviewing another proposal that adds a response header that points to a script that runs before any other script. |
| 17:10 | <littledan> | and I'm curious whether there are some similar problems/solutions. Maybe it's not problematic to ask for a script to run "first" in a response header? |
| 17:10 | <Domenic> | littledan: I don't, but JakeA might. |
| 17:11 | annevk | is reminded of https://en.wikipedia.org/wiki/Proxy_auto-config |
| 17:11 | <annevk> | (beware, that's terrible) |
| 17:12 | <annevk> | littledan: how is it different from starting your HTML document with that script? |
| 17:13 | <littledan> | (I thought it was terrible but they say no one else raised this concern) |
| 17:13 | <littledan> | annevk: The idea is that this can be added centrally more easily, based on how sites are deployed in practice |
| 17:15 | <Domenic> | I mean in general adding more means of script execution is a pretty big project, and I wouldn't advise people to take it on, but it keeps happening. |
| 17:15 | <annevk> | My comment was about PAC, I kinda like the idea of letting script run in response to a navigation, but not if the only aim is to make deployment easier |
| 17:16 | <littledan> | similar prototype systems showed that it was basically fatally impractical to try to get something to run first, it's claimed |
| 17:17 | <littledan> | this is for loading a security policy for the page |
| 17:20 | <littledan> | annevk: For what sorts of purposes do you think it'd be acceptable to let a script run in response to navigation? |
| 17:23 | <annevk> | littledan: mainly the case of being able to rely on a service worker being there |
| 17:24 | <annevk> | (which as Domenic pointed out has been tricky historically and probably still us due to the performance impact) |
| 17:29 | <littledan> | well, thanks for your help understanding this |