diff --git a/index.bs b/index.bs index 9a19ed1..997a649 100644 --- a/index.bs +++ b/index.bs @@ -154,9 +154,30 @@ To determine if a request has top-level storage access with [=request +

Changes to Permissions

+ +In [=specifies a powerful feature|specifying a powerful feature=], add the following algorithm: + +
+
+ A permission granted algorithm: +
+
+ Takes a [=permission key=]. Updates any other parts of the implementation that need to be kept in sync with changes in the results of [=permission states=] or [=extra permission data=]. + + If unspecified, this defaults to be a no-op. +
+
+ +When [=requesting permission to use=] "top-level-storage-access", replace step 6 ("Queue a task...") with the following steps: + +1. [=Queue a task=] on the [=current settings object=]'s [=responsible event loop=] to run the following steps: + 1. [=Set a permission store entry=] with descriptor, key, and |current state|. + 1. If |current state| is "[=permission/granted=]", run the [=permission granted algorithm=]. +

Permissions Integration

-The requestStorageAccessFor API defines a [=powerful feature=] identified by the [=powerful feature/name=] "top-level-storage-access". It defines the following permission-related algorithms: +The requestStorageAccessFor API defines a [=powerful feature=] identified by the [=powerful feature/name=] "top-level-storage-access". It defines the following permission-related algorithms:
{{PermissionDescriptor}}
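Review bot: in the steps that replace step 6, "run the [=permission granted algorithm=]" passes no argument, although the definition added just above says the algorithm "Takes a [=permission key=]". Suggest "run the [=permission granted algorithm=] given key". In the same steps, "descriptor" and "key" are written bare while |current state| is marked as a variable; either mark all three the same way or state that descriptor and key are the names used in the Permissions algorithm being patched. Minor wording: "defaults to be a no-op" reads better as "defaults to a no-op".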
@@ -206,6 +227,17 @@ The requestStorageAccessFor API defines a [=powerful feature=] identified by the 1. If |key1| is null or |key2| is null, return false. 1. Return |key1| is [=same site=] with |key2|. + + +
[=powerful feature/permission granted algorithm=]
+
+
+ When permission to use the "top-level-storage-access" feature has been granted for [=permission key=] |key|, run the following steps: + 1. If |key| is null, return. + 1. Let |descriptor| be a {{PermissionDescriptor}} with name "storage-access". + 1. [=Set a permission store entry=] with |descriptor|, |key|, and "[=permission/granted=]". + 1. Run the [=permission granted algorithm=] for the "storage-access" feature. +
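Review bot: step 3 stores a "storage-access" entry under |key|, which is the permission key of "top-level-storage-access", and nothing in these steps says the two features use the same kind of key. Suggest adding a sentence that states this assumption, or a step that derives the "storage-access" key from |key| before the store entry is set. Step 4 would also be clearer as "Run the [=permission granted algorithm=] for the "storage-access" feature given |key|", so that the invocation matches an algorithm that takes a key.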
@@ -229,18 +261,9 @@ In [=http network or cache fetch=], when determining whether to block cookies, r

Storage Access API Integration

Note: even after a successful {{Document/requestStorageAccessFor(requestedOrigin)}} call, frames have to explicitly invoke {{Document/requestStorageAccess()}} for cookie access. -This modification allows {{Document/requestStorageAccessFor(requestedOrigin)}} to allow resolution of {{Document/requestStorageAccess()}} calls similarly to a prior successful {{Document/requestStorageAccess()}} grant. - -
-Modify {{Document/requestStorageAccess()}} to insert the following steps before step 13.4 (i.e. before checking transient activation): -1. Let |settings| be doc's [=relevant settings object=]. -1. Let |origin| be |settings|' [=environment settings object/origin=]. -1. Let |descriptor| be a newly created {{TopLevelStorageAccessPermissionDescriptor}} with {{PermissionDescriptor/name}} set to "top-level-storage-access" and with {{TopLevelStorageAccessPermissionDescriptor/requestedOrigin}} set to |origin|. -1. If |descriptor|'s [=permission state=] is [=permission/granted=], [=queue a global task=] on the [=permissions task source=] given |global| to [=resolve=] |p|, and return. -1. If |descriptor|'s [=permission state=] is [=permission/denied=], [=queue a global task=] on the [=permissions task source=] given |global| to [=reject=] |p| with a "{{NotAllowedError}}" {{DOMException}}, and return. +As noted above, user agents may choose to grant the corresponding `storage-access` permission when granting `top-level-storage-access` permission. -

Privacy considerations
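Review bot: the added sentence "As noted above, user agents may choose to grant the corresponding `storage-access` permission" describes the grant as optional, but the permission granted algorithm added earlier in this patch sets the "storage-access" entry to granted whenever |key| is non-null, with no user-agent discretion. Suggest aligning the two: either reword this sentence to say the permission is also granted, or add the discretion to the algorithm steps. The removed steps also rejected with a "{{NotAllowedError}}" when the "top-level-storage-access" state was denied; if dropping that path is intended, a short note here would make that explicit. The feature name is backticked here but quoted elsewhere in the patch; use one form.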