Comments (7)
I'm supportive of this, probably unsurprisingly. I like that the API design gives no indication that "allow third-party cookies" is a supported state, since all major browsers are moving toward blocking third-party cookie access by default.
from storage-access.
Could you elaborate on the issue with Chromium running all tests as if cross-site cookies are blocked?
With this proposal we might end up with a number of tests that work in all browsers (and that also depends on how these methods function in non-supporting user agents), but we will still have a large number of "broken" tests.
from storage-access.
Right, eventually we'd like to have Chromium run all tests with cross-site cookies blocked. However, that is a much larger effort both technically and (especially) organizationally, and it's not even clear whether this is something our team would be driving.
In the meantime, to make iterative improvements and to support the effort of increasing the number of tests without cross-site cookies enabled, having this capability would be helpful.
from storage-access.
We discussed this at the editor's meeting and ended up re-iterating on two things that we'd like to ensure when committing to this API:
- We should make it as clear as possible that it's only meant for browsers that have not yet deprecated cross-site cookies. In comments, naming and semantics it should be clear that this will have no effect in browsers with blocked cross-site cookies by default.
- The API should ideally just function (i.e. do nothing) out of the box in those browsers, without requiring extra work from their side.
I'll try to prototype this in Chrome to see if this is achievable with the proposed model and report back for follow-up discussion if not.
from storage-access.
Would testdriver.require_cross_site_cookie_blocking
set a flag that persists across navigations? What if the browser crashes and the cleanup function never gets called?
from storage-access.
Would
testdriver.require_cross_site_cookie_blocking
set a flag that persists across navigations?
I guess I was thinking that it could turn on cookie blocking globally, could that be an issue with tests running in parallel? Otherwise we might be able to store some extra information on the browsing context (or what the new term is) to ensure that it is sustained across navigations.
What if the browser crashes and the cleanup function never gets called?
I don't think this setting should persist across restarts.
from storage-access.
This sounds like something that the test runner itself should own, rather than it being controlled via JS. wptrunner
and (I believe) Blink's run_web_tests.py
have ways to set preferences for certain groups of tests, and this doesn't seem meaningfully different from that. Which seems to come back to:
Anne's original suggestion was to have a Chrome-only configuration file somewhere, but having discussed this with @foolip and @jgraham it seems much more difficult to achieve such a setup in a way that would give us the same results as this WebDriver API. As such, I think it's preferable to update and simplify the existing WebDriver API instead.
IMO, this probably makes more sense to have as a thread on https://github.com/web-platform-tests/rfcs, rather than here, because it sounds like there's prior discussion (not linked) that I don't know the context of, and it really is a question of how we change the semantics of the test runner and less a CG matter.
from storage-access.
Related Issues (20)
- permissions.query() tests HOT 1
- Avoid using the permissions task source directly
- Synchronous hasStorageAccess? HOT 4
- Use (top-level site, embedded site) permissions
- Should we expose "denied" storage access permissions?
- Fix references to un-exported definitions in other specs. HOT 2
- hasStorageAccess() deals with promises in parallel HOT 2
- Promise resolution in "determine the storage access policy" seems wrong? HOT 6
- Editorial: stop using first/third-party as terms
- Reloading frame after granted storage access to enable efficient site isolation HOT 8
- Editorial: Remove comments referencing lines of code
- Editorial: Consider removing implementation-defined steps because we have requesting permission to use HOT 1
- How does storage access interact with Dedicated, Shared and Service Workers? HOT 38
- [Per-frame] Permission grants are usable by cross-site iframes HOT 2
- hasStorageAccess() always queues a task to resolve with the environment's boolean? HOT 8
- Top-level calls to navigator.permissions.query for SAA should probably return "granted"
- Feature request: Auto-grant storage access without requiring user interaction or explicit API call in cases determined to be safe HOT 4
- Clarify intended semantics of `document.hasStorageAccess` HOT 5
- Clarify browser specific divergence with requestStorageAccess HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from storage-access.