From eed0df0eb73dca67656c4e2a1e8ef800c7ea28c2 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Tue, 9 Apr 2024 18:18:56 +0000 Subject: [PATCH 1/7] add credentialless iframe spec --- spec.bs | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/spec.bs b/spec.bs index 7d580e4..f331154 100644 --- a/spec.bs +++ b/spec.bs @@ -74,6 +74,19 @@ spec: url; for:/; type: dfn; text: url "deliveredBy": [ "https://wicg.io/" ] + }, + "anonymous-iframe": { + "authors": [ + "Arthur Sonzogni", + "Camille Lamy" + ], + "href": "https://wicg.github.io/anonymous-iframe/", + "title": "Iframe credentialless", + "status": "CG-DRAFT", + "publisher": "WICG", + "deliveredBy": [ + "https://wicg.io/" + ] } } From 9b9be966c5ef1e8ce6fd3382d457aae4f26f6fa1 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Thu, 11 Apr 2024 16:26:35 +0000 Subject: [PATCH 2/7] iframe credentialless section --- spec.bs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index f331154..ac116e2 100644 --- a/spec.bs +++ b/spec.bs @@ -75,7 +75,7 @@ spec: url; for:/; type: dfn; text: url "https://wicg.io/" ] }, - "anonymous-iframe": { + "iframe-credentialless": { "authors": [ "Arthur Sonzogni", "Camille Lamy" @@ -3304,6 +3304,10 @@ at the expense of some utility. +

Iframe credentialless

+ +The [[!IFRAME-CREDENTIALLESS]] specification +

Security & Privacy Considerations

This material is being upstreamed from our explainer into this specification, and in the meantime From 2969e29aad48d8d7deb4ad3d4cdc53eaf3aeae26 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Thu, 25 Apr 2024 23:25:39 +0000 Subject: [PATCH 3/7] add skeleton --- spec.bs | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index ac116e2..dabaa5f 100644 --- a/spec.bs +++ b/spec.bs @@ -3306,7 +3306,50 @@ at the expense of some utility.

Iframe credentialless

-The [[!IFRAME-CREDENTIALLESS]] specification +Note: The [[!IFRAME-CREDENTIALLESS]] specification defines a new object, the +[=page credentialless nonce=]. At a high level, the +[=fenced frame config instance/partition nonce=] serves the same purpose as the +[=page credentialless nonce=] (partitioning storage and network), but scoped to each fenced +frame rather than to each credentialless iframe. The +[=fenced frame config instance/partition nonce=] is also used to revoke network access in fenced +frames. + +Add the following algorithm: + +
+ To compute the effective partition nonce given a + boolean |isCredentialless| and [=fenced frame config instance/partition nonce=] or null + |newFencedFrameNonce|: + + 1. If |credentialless| is true, return |this|'s [=top-level browsing context=]'s + [=page credentialless nonce=]. + + 1. If |newFencedFrameNonce| is not null, return |newFencedFrameNonce|. + + 1. Let |instance| be |this|'s [=browsing context/fenced frame config instance=]. + + 1. If |instance| is null, return null. + + 1. Return |instance|'s [=fenced frame config instance/partition nonce=]. +
+ +
+ Modify the step added to [=process a navigate fetch=] to read: + + 13. Let |partitionNonce| be the result of [=computing the effective partition nonce=] on + |browsingContext| given |credentialless| and |sourceSnapshotParams|'s + [=source snapshot params/target fenced frame config=]. +
+ +
+ Modify the step added to [=initialize the document object=] to read: + + 6.9. Let |partitionNonce| be the result of [=computing the effective partition nonce=] on + |browsingContext| given |navigationParams|'s [=credentialless=] and null if + |navigationParams|'s [=navigation params/fenced frame config instance=] is null else + |navigationParams|'s [=navigation params/fenced frame config instance=]'s + [=fenced frame config instance/partition nonce=]. +

Security & Privacy Considerations
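Review bot: Step 1 of "compute the effective partition nonce" returns the [=page credentialless nonce=] before either fenced-frame nonce is consulted, so a credentialless iframe nested inside a fenced frame appears to be partitioned outside that frame's [=fenced frame config instance/partition nonce=], which the note above says is also used to revoke network access. If that precedence is not intended, consult the fenced-frame nonces first; if it is intended, add a note explaining why network revocation still covers a credentialless iframe inside a fenced frame. Separately, the signature declares `|isCredentialless|` but step 1 tests `|credentialless|`, and the steps use `|this|` although both callers invoke the algorithm "on |browsingContext|"; with `|browsingContext|` added to the signature, step 1 would read `1. If |isCredentialless| is true, return |browsingContext|'s [=top-level browsing context=]'s [=page credentialless nonce=].` The modified [=process a navigate fetch=] step also passes a [=source snapshot params/target fenced frame config=] where the signature asks for a partition nonce or null, so the argument type needs reconciling as well.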

From 1f35fdb00535701cd67f20b88f65484eb145783c Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Mon, 19 Aug 2024 02:56:55 +0000 Subject: [PATCH 4/7] address comments --- spec.bs | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/spec.bs b/spec.bs index dabaa5f..3327ea6 100644 --- a/spec.bs +++ b/spec.bs @@ -147,6 +147,7 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/ urlPrefix: browsing-the-web.html text: create and initialize a Document object; url: initialise-the-document-object text: create navigation params by fetching; url: create-navigation-params-by-fetching + text: process a navigate fetch; url: process-a-navigate-fetch text: document state; url: she-document-state text: historyHandling; url: navigation-hh text: referrerPolicy; url: navigation-referrer-policy @@ -217,6 +218,8 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/ text: fire a click event; url: fire-a-click-event urlPrefix: urls-and-fetching.html text: about:srcdoc; url: about:srcdoc + urlPrefix: document-lifestyle.html + text: initialize the document object; url: initialise-the-document-object spec: fetch; urlPrefix: https://fetch.spec.whatwg.org/ type: dfn text: queue a cross-origin embedder policy CORP violation report; url: queue-a-cross-origin-embedder-policy-corp-violation-report @@ -267,6 +270,9 @@ spec: attribution-reporting; urlPrefix: https://wicg.github.io/attribution-repor spec: turtledove; urlPrefix: https://wicg.github.io/turtledove/ type: dfn text: construct a pending fenced frame config; url: construct-a-pending-fenced-frame-config +spec: iframe-credentialless; urlPrefix: https://wicg.github.io/anonymous-iframe/ + type: dfn + text: credentialless; url: navigation-params-credentialless
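Review bot: The `urlPrefix: document-lifestyle.html` added in the second hunk looks like a typo for `document-lifecycle.html`, which I believe is the HTML multipage file that holds `#initialise-the-document-object`; as written, the `initialize the document object` dfn would resolve to a page that does not exist. The first hunk's context already maps `create and initialize a Document object` to the same anchor under `browsing-the-web.html`, so the two entries disagree on the file and should be reconciled, ideally by reusing one dfn. The `process a navigate fetch` anchor added in the first hunk is worth checking against the current HTML spec too, since the neighbouring `create navigation params by fetching` entry suggests the navigation algorithms may have been restructured. A dangling link matters here because the monkeypatch that selects the partition nonce would then have no resolvable target.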