Merge pull request #20 from privacycg/shared-workers

Add SharedWorkers to spec

spec.bs

@@ -29,6 +29,8 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/
  text: localStorage; url: #dom-localstorage
  text: broadcast channel; url: #broadcasting-to-other-browsing-contexts
  text: new broadcastchannel; url: #dom-broadcastchannel
+ text: shared workers; url: #shared-workers-and-the-sharedworker-interface
+ text: new sharedworker; url: #dom-sharedworker
 spec: storage-access; urlPrefix: https://privacycg.github.io/storage-access/
  type: dfn
  for: environment
@@ -58,6 +60,9 @@ spec: file-api; urlPrefix: https://www.w3.org/TR/FileAPI/
  text: file api; url:
  text: createobjecturl; url: #dfn-createObjectURL
  text: revokeobjecturl; url: #dfn-revokeObjectURL
+spec: cookies; urlPrefix: https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html
+ type: dfn
+ text: samesite; url:#name-the-samesite-attribute-2
 </pre>
 
 <pre class=biblio>
@@ -134,6 +139,7 @@ dictionary StorageAccessTypes {
  boolean createObjectURL = false;
  boolean revokeObjectURL = false;
  boolean BroadcastChannel = false;
+ boolean SharedWorker = false;
 };
 
 interface StorageAccessHandle {
@@ -147,6 +153,7 @@ interface StorageAccessHandle {
  DOMString createObjectURL((Blob or MediaSource) obj);
  undefined revokeObjectURL(DOMString url);
  BroadcastChannel BroadcastChannel(DOMString name);
+ SharedWorker SharedWorker(USVString scriptURL, optional (DOMString or SharedWorkerOptions) options = {});
 };
 
 partial interface Document {
@@ -169,7 +176,7 @@ For now {{Document/hasStorageAccess()}} is not considered deprecated, but that <
 When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>requestStorageAccess(types)</code></dfn> method must run these steps:
 
 1. Let |p| be [=a new promise=].
-1. If |types|.{{StorageAccessTypes/all}} is `false` and |types|.{{StorageAccessTypes/cookies}} is `false` and |types|.{{StorageAccessTypes/sessionStorage}} is `false` and |types|.{{StorageAccessTypes/localStorage}} is `false` and |types|.{{StorageAccessTypes/indexedDB}} is `false` and |types|.{{StorageAccessTypes/locks}} is `false` and |types|.{{StorageAccessTypes/caches}} is `false` and |types|.{{StorageAccessTypes/getDirectory}} is `false` and |types|.{{StorageAccessTypes/estimate}} is `false` and |types|.{{StorageAccessTypes/createObjectURL}} is `false` and |types|.{{StorageAccessTypes/revokeObjectURL}} is `false` and |types|.{{StorageAccessTypes/BroadcastChannel}} is `false`:
+1. If |types|.{{StorageAccessTypes/all}} is `false` and |types|.{{StorageAccessTypes/cookies}} is `false` and |types|.{{StorageAccessTypes/sessionStorage}} is `false` and |types|.{{StorageAccessTypes/localStorage}} is `false` and |types|.{{StorageAccessTypes/indexedDB}} is `false` and |types|.{{StorageAccessTypes/locks}} is `false` and |types|.{{StorageAccessTypes/caches}} is `false` and |types|.{{StorageAccessTypes/getDirectory}} is `false` and |types|.{{StorageAccessTypes/estimate}} is `false` and |types|.{{StorageAccessTypes/createObjectURL}} is `false` and |types|.{{StorageAccessTypes/revokeObjectURL}} is `false` and |types|.{{StorageAccessTypes/BroadcastChannel}} is `false` and |types|.{{StorageAccessTypes/SharedWorker}} is `false`:
  1. [=/Reject=] |p| with an "{{InvalidStateError}}" {{DOMException}}.
  1. Return |p|.
 1. Let |requestUnpartitionedCookieAccess| be `true` if |types|.{{StorageAccessTypes/all}} is `true` or |types|.{{StorageAccessTypes/cookies}} is `true`, and `false` otherwise.
@@ -289,9 +296,39 @@ When invoked on {{StorageAccessHandle}} |handle| with {{StorageAccessTypes}} |ty
  1. Throw an "{{InvalidStateError}}" {{DOMException}}.
 1. Return the invocation of [=new BroadcastChannel=] with |name|.
 
-<h4 id="shared-worker">Shared Worker</h4>
+<h4 id="shared-worker">[=Shared Workers=]</h4>
+
+Modify [=Shared Workers=] to define the following:
+
+<pre class="idl">
+enum SameSiteCookiesType { "all", "none" };
+
+dictionary SharedWorkerOptions : WorkerOptions {
+ SameSiteCookiesType sameSiteCookies;
+};
+</pre>
+
+The default {{SharedWorkerOptions/sameSiteCookies}} is {{SameSiteCookiesType/all}} in [=first-party-site context=] and {{SameSiteCookiesType/none}} otherwise.
+
+Modify [=new SharedWorker=] to accept {{SharedWorkerOptions}} instead of {{WorkerOptions}}.
 
-TBD
+Modify [=new SharedWorker=] to add a new step below step 1 as follows:
+
+2. If |options|.{{SharedWorkerOptions/sameSiteCookies}} is {{SameSiteCookiesType/all}} and {{Window}}'s [=associated document=] is not [=first-party-site context=], then:
+ 1. Throw an "{{InvalidStateError}}" {{DOMException}}.
+
+Note:
+The {{SameSiteCookiesType}} is used to influence which cookies are sent or read during [=fetch=] based on the [=SameSite=] cookie attribute.
+{{SameSiteCookiesType/all}} is only available in [=first-party-site context=] and permits [=SameSite=] "None", "Lax", and "Strict" cookies to be included (if not blocked for some other reason).
+{{SameSiteCookiesType/none}} is available in any context and permits only [=SameSite=] "None" cookies to be included (if not blocked for some other reason).
+
+Issue(21): Clarify SharedWorker usage of {{SharedWorkerOptions/sameSiteCookies}} in more detail.
+
+When invoked on {{StorageAccessHandle}} |handle| with {{StorageAccessTypes}} |types|, {{USVString}} |scriptURL|, and {{DOMString}} or {{SharedWorkerOptions}} |options|, the <dfn export method for=StorageAccessHandle><code>SharedWorker(scriptURL, options)</code></dfn> method must run these steps:
+
+1. If |types|.{{StorageAccessTypes/all}} is `false` and |types|.{{StorageAccessTypes/SharedWorker}} is `false`:
+ 1. Throw an "{{InvalidStateError}}" {{DOMException}}.
+1. Return the invocation of [=new SharedWorker=] with |scriptURL| and |options|.
 
 <h2 id="privacy">Security & Privacy considerations</h2>