diff --git a/spec.bs b/spec.bs index fcb0a41..a4bf818 100644 --- a/spec.bs +++ b/spec.bs @@ -29,6 +29,8 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/ text: localStorage; url: #dom-localstorage text: broadcast channel; url: #broadcasting-to-other-browsing-contexts text: new broadcastchannel; url: #dom-broadcastchannel + text: shared workers; url: #shared-workers-and-the-sharedworker-interface + text: new sharedworker; url: #dom-sharedworker spec: storage-access; urlPrefix: https://privacycg.github.io/storage-access/ type: dfn for: environment @@ -58,6 +60,9 @@ spec: file-api; urlPrefix: https://www.w3.org/TR/FileAPI/ text: file api; url: text: createobjecturl; url: #dfn-createObjectURL text: revokeobjecturl; url: #dfn-revokeObjectURL +spec: cookies; urlPrefix: https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html + type: dfn + text: samesite; url:#name-the-samesite-attribute-2 
@@ -134,6 +139,7 @@ dictionary StorageAccessTypes {
   boolean createObjectURL = false;
   boolean revokeObjectURL = false;
   boolean BroadcastChannel = false;
+  boolean SharedWorker = false;
 };
 
 interface StorageAccessHandle {
@@ -147,6 +153,7 @@ interface StorageAccessHandle {
   DOMString createObjectURL((Blob or MediaSource) obj);
   undefined revokeObjectURL(DOMString url);
   BroadcastChannel BroadcastChannel(DOMString name);
+  SharedWorker SharedWorker(USVString scriptURL, optional (DOMString or SharedWorkerOptions) options = {});
 };
 
 partial interface Document {
@@ -169,7 +176,7 @@ For now {{Document/hasStorageAccess()}} is not considered deprecated, but that <
 When invoked on {{Document}} |doc|, the requestStorageAccess(types) method must run these steps:
 
 1. Let |p| be [=a new promise=].
-1. If |types|.{{StorageAccessTypes/all}} is `false` and |types|.{{StorageAccessTypes/cookies}} is `false` and |types|.{{StorageAccessTypes/sessionStorage}} is `false` and |types|.{{StorageAccessTypes/localStorage}} is `false` and |types|.{{StorageAccessTypes/indexedDB}} is `false` and |types|.{{StorageAccessTypes/locks}} is `false` and |types|.{{StorageAccessTypes/caches}} is `false` and |types|.{{StorageAccessTypes/getDirectory}} is `false` and |types|.{{StorageAccessTypes/estimate}} is `false` and |types|.{{StorageAccessTypes/createObjectURL}} is `false` and |types|.{{StorageAccessTypes/revokeObjectURL}} is `false` and |types|.{{StorageAccessTypes/BroadcastChannel}} is `false`:
+1. If |types|.{{StorageAccessTypes/all}} is `false` and |types|.{{StorageAccessTypes/cookies}} is `false` and |types|.{{StorageAccessTypes/sessionStorage}} is `false` and |types|.{{StorageAccessTypes/localStorage}} is `false` and |types|.{{StorageAccessTypes/indexedDB}} is `false` and |types|.{{StorageAccessTypes/locks}} is `false` and |types|.{{StorageAccessTypes/caches}} is `false` and |types|.{{StorageAccessTypes/getDirectory}} is `false` and |types|.{{StorageAccessTypes/estimate}} is `false` and |types|.{{StorageAccessTypes/createObjectURL}} is `false` and |types|.{{StorageAccessTypes/revokeObjectURL}} is `false` and |types|.{{StorageAccessTypes/BroadcastChannel}} is `false` and |types|.{{StorageAccessTypes/SharedWorker}} is `false`:
     1. [=/Reject=] |p| with an "{{InvalidStateError}}" {{DOMException}}.
     1. Return |p|.
 1. Let |requestUnpartitionedCookieAccess| be `true` if |types|.{{StorageAccessTypes/all}} is `true` or |types|.{{StorageAccessTypes/cookies}} is `true`, and `false` otherwise.
@@ -289,9 +296,39 @@ When invoked on {{StorageAccessHandle}} |handle| with {{StorageAccessTypes}} |ty
     1. Throw an "{{InvalidStateError}}" {{DOMException}}.
 1. Return the invocation of [=new BroadcastChannel=] with |name|.
 
-
Shared Worker

+
[=Shared Workers=]

+
+Modify [=Shared Workers=] to define the following:
+
+
+enum SameSiteCookiesType { "all", "none" };
+
+dictionary SharedWorkerOptions : WorkerOptions {
+  SameSiteCookiesType sameSiteCookies;
+};
+

+
+The default {{SharedWorkerOptions/sameSiteCookies}} is {{SameSiteCookiesType/all}} in [=first-party-site context=] and {{SameSiteCookiesType/none}} otherwise.
+
+Modify [=new SharedWorker=] to accept {{SharedWorkerOptions}} instead of {{WorkerOptions}}.
 
-TBD
+Modify [=new SharedWorker=] to add a new step below step 1 as follows:
+
+2. If |options|.{{SharedWorkerOptions/sameSiteCookies}} is {{SameSiteCookiesType/all}} and {{Window}}'s [=associated document=] is not [=first-party-site context=], then:
+    1. Throw an "{{InvalidStateError}}" {{DOMException}}.
+
+Note:
+The {{SameSiteCookiesType}} is used to influence which cookies are sent or read during [=fetch=] based on the [=SameSite=] cookie attribute.
+{{SameSiteCookiesType/all}} is only available in [=first-party-site context=] and permits [=SameSite=] "None", "Lax", and "Strict" cookies to be included (if not blocked for some other reason).
+{{SameSiteCookiesType/none}} is available in any context and permits only [=SameSite=] "None" cookies to be included (if not blocked for some other reason).
+
+Issue(21): Clarify SharedWorker usage of {{SharedWorkerOptions/sameSiteCookies}} in more detail.
+
+When invoked on {{StorageAccessHandle}} |handle| with {{StorageAccessTypes}} |types|, {{USVString}} |scriptURL|, and {{DOMString}} or {{SharedWorkerOptions}} |options|, the SharedWorker(scriptURL, options) method must run these steps:
+
+1. If |types|.{{StorageAccessTypes/all}} is `false` and |types|.{{StorageAccessTypes/SharedWorker}} is `false`:
+    1. Throw an "{{InvalidStateError}}" {{DOMException}}.
+1. Return the invocation of [=new SharedWorker=] with |scriptURL| and |options|.
 
 
Security & Privacy considerations