[worklets] Fill in privacy and security sections of worklets. #379

Closed
wants to merge 2 commits into from
25 changes: 24 additions & 1 deletion worklets/Overview.bs
Expand Up @@ -13,6 +13,7 @@ Editor: Ian Kilpatrick, ikilpatrick@chromium.org
<pre class="anchors">
urlPrefix: http://heycam.github.io/webidl/; type: dfn;
text: AbortError
text: SecureContext
text: SyntaxError
urlPrefix: #idl-;
text: DOMException
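Review bot: The new "text: SecureContext" entry sits under the WebIDL urlPrefix as "type: dfn", but the prose that links to it ("allowed outside <a>SecureContexts</a>") is about the environment concept, not the WebIDL [SecureContext] extended attribute. Consider anchoring to the definition of a secure context in the Secure Contexts specification instead, and writing the link text as "secure contexts" so the autolink resolves to the concept the sentence means.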
Expand Down Expand Up @@ -41,6 +42,7 @@ urlPrefix: https://html.spec.whatwg.org/multipage/webappapis.html; type: dfn;
text: event loop
text: event loop processing model
text: fetch a module script tree
text: fetch a single module script
text: global object
text: https state
text: incumbent settings object
Expand Down Expand Up @@ -410,7 +412,28 @@ loops and callbacks exceeding imposed time limits.
Security Considerations {#security-considerations}
==================================================

Issue(w3c/css-houdini-drafts#92): Need to decide if to allow worklets for unsecure context, etc.
Worklets do not introduce any usable API surface to the web themselves, instead other
specifications, e.g. [[css-paint-api-1]], [[webaudio]] will extend this specification to provide
useful functionality.

Specifications which use worklets should decide if their worklet(s) should be allowed outside
<a>SecureContexts</a>.
Member

I'd much rather we just limit them to secure contexts. No real reason to have new globals without it I think.

Member

@bfgeek: Have y'all thought about this feedback? Seeing the intent to ship threads for various worklet types without this fundamental question being answered worries me a bit.

Contributor Author

I've brought this up on blink-dev. I linked to the HoudiniTF discussion there and there wasn't a clear conclusion.
https://lists.w3.org/Archives/Public/www-style/2017Mar/0023.html

I still err towards the side that it should be the decision of downstream specifications to decide this, but the concrete question that we need to answer at the moment is if the CSS Paint API should be available only on secure contexts or not.

Member

I don't see why this should be decided downstream. It's a complex new feature and it can be trivially restricted. There's no good reason to expose it insecurely.

(As for the concerns around paint worklet. If there's no media query for secure contexts, just add one.)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there are good reasons to expose it insecurely. But since the argument is not about CSS Paint specific concerns, but rather all new features, I commented on the relevant TAG issue. w3ctag/design-principles#75 (comment)


Worklets load their module scripts in the same manner that workers load their module scripts. This
fetches the top-level script by the <a>fetch a single module script</a> algorithm which sets the
<a for=request>mode</a> to "<code>cors</code>".

Issue(w3c/css-houdini-drafts#378): Provide hook for downstream specifications to provide their
destination type.

The specifications which extend/use worklets may have additional security considerations.

Privacy Considerations {#privacy-considerations}
================================================

There are no known privacy impacts for this feature by itself.

The specifications which extend/use worklets may have privacy considerations.

Examples {#examples}
====================
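Review bot: In Security Considerations, "Specifications which use worklets should decide if their worklet(s) should be allowed outside SecureContexts" states no default, so the question tracked in Issue(w3c/css-houdini-drafts#92) is handed to each downstream specification and one that stays silent exposes its worklet global in non-secure contexts. Suggest stating the default here (for example, restricted to secure contexts unless the downstream specification opts out and gives its reason), or keeping the issue marker in the text until that is settled. The module loading paragraph names only the request mode ("cors"); a sentence on what that means for cross-origin worklet scripts would make the security relevance explicit. The Privacy Considerations claim of "no known privacy impacts" would be stronger with one sentence of reasoning.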