From 4451cb3bd8dde7a1027c442367c6422dcb53218e Mon Sep 17 00:00:00 2001
From: Ari Chivukula <ari.c@icloud.com>
Date: Tue, 19 Mar 2024 13:04:04 -0400
Subject: [PATCH 1/4] Add SharedWorkers to spec

This is the final part for the initial draft
---
 spec.bs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/spec.bs b/spec.bs
index fcb0a41..0c2b914 100644
--- a/spec.bs
+++ b/spec.bs
@@ -29,6 +29,7 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/
             text: localStorage; url: #dom-localstorage
             text: broadcast channel; url: #broadcasting-to-other-browsing-contexts
             text: new broadcastchannel; url: #dom-broadcastchannel
+            text: shared workers; url: #shared-workers-and-the-sharedworker-interface
 spec: storage-access; urlPrefix: https://privacycg.github.io/storage-access/
     type: dfn
         for: environment
@@ -134,6 +135,7 @@ dictionary StorageAccessTypes {
   boolean createObjectURL = false;
   boolean revokeObjectURL = false;
   boolean BroadcastChannel = false;
+  boolean SharedWorker = false;
 };
 
 interface StorageAccessHandle {
@@ -147,6 +149,7 @@ interface StorageAccessHandle {
   DOMString createObjectURL((Blob or MediaSource) obj);
   undefined revokeObjectURL(DOMString url);
   BroadcastChannel BroadcastChannel(DOMString name);
+  SharedWorker SharedWorker(USVString scriptURL, optional (DOMString or SharedWorkerOptions) options = {});
 };
 
 partial interface Document {
@@ -169,7 +172,7 @@ For now {{Document/hasStorageAccess()}} is not considered deprecated, but that <
 When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>requestStorageAccess(types)</code></dfn> method must run these steps:
 
 1. Let |p| be [=a new promise=].
-1. If |types|.{{StorageAccessTypes/all}} is `false` and |types|.{{StorageAccessTypes/cookies}} is `false` and |types|.{{StorageAccessTypes/sessionStorage}} is `false` and |types|.{{StorageAccessTypes/localStorage}} is `false` and |types|.{{StorageAccessTypes/indexedDB}} is `false` and |types|.{{StorageAccessTypes/locks}} is `false` and |types|.{{StorageAccessTypes/caches}} is `false` and |types|.{{StorageAccessTypes/getDirectory}} is `false` and |types|.{{StorageAccessTypes/estimate}} is `false` and |types|.{{StorageAccessTypes/createObjectURL}} is `false` and |types|.{{StorageAccessTypes/revokeObjectURL}} is `false` and |types|.{{StorageAccessTypes/BroadcastChannel}} is `false`:
+1. If |types|.{{StorageAccessTypes/all}} is `false` and |types|.{{StorageAccessTypes/cookies}} is `false` and |types|.{{StorageAccessTypes/sessionStorage}} is `false` and |types|.{{StorageAccessTypes/localStorage}} is `false` and |types|.{{StorageAccessTypes/indexedDB}} is `false` and |types|.{{StorageAccessTypes/locks}} is `false` and |types|.{{StorageAccessTypes/caches}} is `false` and |types|.{{StorageAccessTypes/getDirectory}} is `false` and |types|.{{StorageAccessTypes/estimate}} is `false` and |types|.{{StorageAccessTypes/createObjectURL}} is `false` and |types|.{{StorageAccessTypes/revokeObjectURL}} is `false` and |types|.{{StorageAccessTypes/BroadcastChannel}} is `false` and |types|.{{StorageAccessTypes/SharedWorker}} is `false`:
     1. [=/Reject=] |p| with an "{{InvalidStateError}}" {{DOMException}}.
     1. Return |p|.
 1. Let |requestUnpartitionedCookieAccess| be `true` if |types|.{{StorageAccessTypes/all}} is `true` or |types|.{{StorageAccessTypes/cookies}} is `true`, and `false` otherwise.
@@ -289,7 +292,7 @@ When invoked on {{StorageAccessHandle}} |handle| with {{StorageAccessTypes}} |ty
     1. Throw an "{{InvalidStateError}}" {{DOMException}}.
 1. Return the invocation of [=new BroadcastChannel=] with |name|.
 
-<h4 id="shared-worker">Shared Worker</h4>
+<h4 id="shared-worker">[=Shared Workers=]</h4>
 
 TBD
 

From 849f63a445d577f4860293c1dd7dbf72ba283d0e Mon Sep 17 00:00:00 2001
From: Ari Chivukula <ari.c@icloud.com>
Date: Tue, 19 Mar 2024 17:24:33 +0000
Subject: [PATCH 2/4] fix

---
 spec.bs | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/spec.bs b/spec.bs
index 0c2b914..93c2161 100644
--- a/spec.bs
+++ b/spec.bs
@@ -30,6 +30,7 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/
             text: broadcast channel; url: #broadcasting-to-other-browsing-contexts
             text: new broadcastchannel; url: #dom-broadcastchannel
             text: shared workers; url: #shared-workers-and-the-sharedworker-interface
+            text: new sharedworker; url: #dom-sharedworker
 spec: storage-access; urlPrefix: https://privacycg.github.io/storage-access/
     type: dfn
         for: environment
@@ -59,6 +60,9 @@ spec: file-api; urlPrefix: https://www.w3.org/TR/FileAPI/
         text: file api; url:
         text: createobjecturl; url: #dfn-createObjectURL
         text: revokeobjecturl; url: #dfn-revokeObjectURL
+spec: cookies; urlPrefix: https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html
+    type: dfn
+        text: samesite; url:#name-the-samesite-attribute-2
 </pre>
 
 <pre class=biblio>
@@ -294,7 +298,30 @@ When invoked on {{StorageAccessHandle}} |handle| with {{StorageAccessTypes}} |ty
 
 <h4 id="shared-worker">[=Shared Workers=]</h4>
 
-TBD
+Modify [=Shared Workers=] to define the following:
+
+<pre class="idl">
+enum SameSiteCookiesType { "all", "none" };
+
+dictionary SharedWorkerOptions : WorkerOptions {
+  SameSiteCookiesType sameSiteCookies;
+};
+</pre>
+
+Modify [=new SharedWorker=] to accept {{SharedWorkerOptions}} instead of {{WorkerOptions}}.
+
+Note:
+The {{SameSiteCookiesType}} is used to influence which cookies are sent or read during [=fetch=] based on the [=SameSite=] cookie attribute.
+{{SameSiteCookiesType/all}} is only available in [=first-party-site context=] and permits [=SameSite=] "None", "Lax", and "Strict" cookies to be included (if not blocked for some other reason).
+{{SameSiteCookiesType/none}} is only available in any context and permits only [=SameSite=] "None" cookies to be included (if not blocked for some other reason).
+
+Issue(21): Clarify SharedWorker usage of {{SharedWorkerOptions/sameSiteCookies}} in more detail.
+
+When invoked on {{StorageAccessHandle}} |handle| with {{StorageAccessTypes}} |types|, {{USVString}} |scriptURL|, and {{DOMString}} or {{SharedWorkerOptions}} |options|, the <dfn export method for=StorageAccessHandle><code>SharedWorker(scriptURL, options)</code></dfn> method must run these steps:
+
+1. If |types|.{{StorageAccessTypes/all}} is `false` and |types|.{{StorageAccessTypes/SharedWorker}} is `false`:
+    1. Throw an "{{InvalidStateError}}" {{DOMException}}.
+1. Return the invocation of [=new SharedWorker=] with |scriptURL| and |options|.
 
 <h2 id="privacy">Security & Privacy considerations</h2>
 

From e1b8c0c929ae9dc193fe43d8f8b6c4f76d4c1d34 Mon Sep 17 00:00:00 2001
From: Ari Chivukula <ari.c@icloud.com>
Date: Tue, 19 Mar 2024 17:32:55 +0000
Subject: [PATCH 3/4] fix

---
 spec.bs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/spec.bs b/spec.bs
index 93c2161..ba34f0c 100644
--- a/spec.bs
+++ b/spec.bs
@@ -308,8 +308,15 @@ dictionary SharedWorkerOptions : WorkerOptions {
 };
 </pre>
 
+The default {{SharedWorkerOptions/sameSiteCookies}} is {{SameSiteCookiesType/all}} in [=first-party-site context=] and {{SameSiteCookiesType/none}} otherwise.
+
 Modify [=new SharedWorker=] to accept {{SharedWorkerOptions}} instead of {{WorkerOptions}}.
 
+Modify [=new SharedWorker=] to add a new step below step 1 as follows:
+
+2. If |options|.{{SharedWorkerOptions/sameSiteCookies}} is {{SameSiteCookiesType/all}} and {{Window}}'s [=associated document=] is not [=first-party-site context=], then:
+    1. Throw an "{{InvalidStateError}}" {{DOMException}}.
+
 Note:
 The {{SameSiteCookiesType}} is used to influence which cookies are sent or read during [=fetch=] based on the [=SameSite=] cookie attribute.
 {{SameSiteCookiesType/all}} is only available in [=first-party-site context=] and permits [=SameSite=] "None", "Lax", and "Strict" cookies to be included (if not blocked for some other reason).

From acdc87f4edf2de8f896677c1f317d1f797cc8ed8 Mon Sep 17 00:00:00 2001
From: Johann Hofmann <johannhof@chromium.org>
Date: Tue, 19 Mar 2024 20:57:33 +0100
Subject: [PATCH 4/4] Update spec.bs

---
 spec.bs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec.bs b/spec.bs
index ba34f0c..a4bf818 100644
--- a/spec.bs
+++ b/spec.bs
@@ -320,7 +320,7 @@ Modify [=new SharedWorker=] to add a new step below step 1 as follows:
 Note:
 The {{SameSiteCookiesType}} is used to influence which cookies are sent or read during [=fetch=] based on the [=SameSite=] cookie attribute.
 {{SameSiteCookiesType/all}} is only available in [=first-party-site context=] and permits [=SameSite=] "None", "Lax", and "Strict" cookies to be included (if not blocked for some other reason).
-{{SameSiteCookiesType/none}} is only available in any context and permits only [=SameSite=] "None" cookies to be included (if not blocked for some other reason).
+{{SameSiteCookiesType/none}} is available in any context and permits only [=SameSite=] "None" cookies to be included (if not blocked for some other reason).
 
 Issue(21): Clarify SharedWorker usage of {{SharedWorkerOptions/sameSiteCookies}} in more detail.