| 05:51 | <Andreu Botella (he/they)> | is there any reason this WPT test doesn't test that SharedArrayBuffers have the same backing block when posted to workers and iframes and back? |
| 05:51 | <Andreu Botella (he/they)> | https://github.com/web-platform-tests/wpt/blob/master/html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/identity-not-preserved.https.html |
| 06:37 | <annevk> | Andreu Botella (he/they): I suspect separation of concerns, but when Domenic is back he might be able to recall |
| 06:39 | <Andreu Botella (he/they)> | assertSABsHaveSameBackingBlock in the same window subtest already tests that the objects aren't identical, so I don't think that's the case |
| 07:11 | <annevk> | Fair, perhaps there was/is no utility for an equivalent assert across agents? Seems like that would have to involve at least some additional message passing. |
| 07:12 | <annevk> | Or maybe you just want to assert it on the sab you get back? |
| 07:12 | <annevk> | Seems okay to add |
| 07:14 | <Andreu Botella (he/they)> | I mean, there are other WPT tests that properly test that SABs in fact share their backing block, not to mention test262 tests |
| 07:14 | <Andreu Botella (he/they)> | But it seems odd to test that for same-window postMessaging but not for workers and iframes |
| 10:27 | <ntim> | Ms2ger 💉💉or foolip hey, can you please force merge https://github.com/web-platform-tests/wpt/pull/31230 ? It's currently affected by https://github.com/web-platform-tests/wpt/issues/31231 |
| 10:27 | ntim | needs to import the test into WebKit |
| 10:27 | <Ms2ger 💉💉> | I guess I can! |
| 10:27 | <ntim> | thanks! |
| 11:41 | <ntim> | Ms2ger 💉💉: can you also please merge https://github.com/web-platform-tests/wpt/pull/31234 ? Thanks :) |
| 11:41 | <ntim> | or jgraham ^ |
| 12:02 | <ntim> | i normally can push, but https://github.com/web-platform-tests/wpt/issues/31231 is preventing me too, only a core team person can bypass that |
| 12:04 | <ntim> | hmm looks like https://github.com/web-platform-tests/wpt/pull/31236 is not affected |
| 12:06 | <ntim> | but it also does not run that task |
| 12:45 | <Sam Sneddon [:gsnedders]> | ntim: https://matrix.to/#/#wpt:matrix.org is probably the best place for this FTR |
| 12:49 | <Ms2ger 💉💉> | 31231 is fixed |
| 13:17 | <Noam Rosenthal> | Hi Domenic , I hope I can get some of your quality time for HTML spec reviews when you get a chance... https://github.com/whatwg/html/pull/7153 and https://github.com/whatwg/html/pull/7166. thanks! |
| 14:02 | <Jake Archibald> | annevk: do Firefox and Safari key the HTTP cache on credentials include/omit? |
| 15:12 | <annevk> | Jake Archibald: Firefox does, not sure about Safari; see https://github.com/whatwg/fetch/issues/1253 and linked issue |
| 16:10 | <Jake Archibald> | Ta |
| 16:11 | <Jake Archibald> | annevk: seems like Safari does from my testing, but it might be other isolation stuff achieving roughly the same thing. I updated https://jakearchibald.com/2021/cors/#is-it-safe-to-expose-resources-via-cors to make it clear a Vary header is needed in this case (I previously thought it was only needed for with-credentials CORS) |
| 16:33 | <annevk> | Jake Archibald: are you testing cross-site or cross-origin same-site? With the former I'd expect cookie blocking to kick in |
| 16:39 | <Jake Archibald> | annevk: it was cross-site, but I had the site in an iframe so it'd pick up a double-keyed cookie. tbh I don't really know how Safari works with this stuff since it isn't spec'd :( |
| 16:39 | <annevk> | btw, lunch for whoever makes up a term for cross-origin same-site that's usable |
| 16:40 | <annevk> | Jake Archibald: Safari doesn't double-key them, they block 'm |
| 16:40 | <Jake Archibald> | hah oh well |
| 16:43 | <annevk> | The basic Safari model is that they double-key cross-site storage always, and cross-site cookies are blocked. And you can get cookies back with requestStorageAccess(). |
| 16:44 | <annevk> | The basic Firefox model is that we double-key cross-site storage and cookies, and requestStorageAccess() gives you the unpartitioned bits of both. But we're considering going closer to Safari, at least for storage. (And potentially to what wanderview is proposing, with the keying being more akin to SameSite cookies, but that's a bit further away I think.) |
| 19:31 | <Andreu Botella (he/they)> | blog.whatwg.org is down for me |
| 22:17 | <Domenic> | blog.whatwg.org is down for me |
| 22:20 | <Domenic> | 10% uptime today, wtf |
| 22:21 | <Domenic> | Will kick the redeploy button, but ugh |