From c9cbe3fd7fd82056acda59fa500b37b11d219b65 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Wed, 3 Apr 2024 19:18:35 +0000 Subject: [PATCH 01/10] disableUntrustedNetwork skeleton --- spec.bs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/spec.bs b/spec.bs index f061739..cfdc138 100644 --- a/spec.bs +++ b/spec.bs @@ -1516,6 +1516,7 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. undefined reportEvent(optional ReportEventType event = {}); undefined setReportEventDataForAutomaticBeacons(optional FenceEvent event = {}); sequence<FencedFrameConfig> getNestedConfigs(); + Promise<undefined> disableUntrustedNetwork(); }; @@ -1699,6 +1700,19 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. +
+ The disableUntrustedNetwork() method steps are: + + 1. Let |instance| be [=this=]'s [=relevant global object=]'s [=Window/browsing context=]'s + [=browsing context/fenced frame config instance=]. + + 1. If |instance| is null, then return. + + 1. If the [=relevant settings object=]'s [=environment settings object/origin=] and |instance|'s + [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same origin=], then + return. +
+

New [=request=] [=request/destination=]

The processing model of a <{fencedframe}>'s navigation request deviates from that of the normal From 39d31fb7171adf377173899b8b581d8e88ff0823 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Tue, 9 Apr 2024 16:45:31 +0000 Subject: [PATCH 02/10] fill out more --- spec.bs | 48 +++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 5 deletions(-) diff --git a/spec.bs b/spec.bs index cfdc138..d44443f 100644 --- a/spec.bs +++ b/spec.bs @@ -1143,11 +1143,14 @@ A fenced frame config is a [=struct=] with the following [=str : embedder shared storage context :: null, or a [=string=] - + : is ad component - :: A [=boolean=]. Defaulting to false. + :: A [=boolean=], defaults to false. + + : can disable untrusted network + :: A [=boolean=], defaults to true. - + Note: When true, this [=fenced frame config=] reprsents an ad component. An ad component can be used to construct ads composed of multiple pieces. See the Protected @@ -1196,8 +1199,14 @@ A fenced frame config instance is a [=struct=] with the follow : embedder shared storage context :: null, or a [=string=] - + : is ad component + :: A [=boolean=] + + : can disable untrusted network + :: A [=boolean=] + + : has disabled untrusted network :: A [=boolean=], initially false. @@ -1280,9 +1289,15 @@ A fenced frame config instance is a [=struct=] with the follow : [=fenced frame config instance/embedder shared storage context=] :: |config|'s [=fenced frame config/embedder shared storage context=] - + : [=fenced frame config instance/is ad component=] :: |config|'s [=fenced frame config/is ad component=] + + : [=fenced frame config instance/can disable untrusted network=] + :: |config|'s [=fenced frame config/can disable untrusted network=] + + : [=fenced frame config instance/has disabled untrusted network=] + :: false Each [=browsing context=] has a fenced frame config instance, @@ -1708,9 +1723,32 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. If |instance| is null, then return. + 1. If |instance|'s [=fenced frame config instance/can disable untrusted network=] is false, then + return. + 1. If the [=relevant settings object=]'s [=environment settings object/origin=] and |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same origin=], then return. + + 1. Let |p| be [=a new promise=]. + + 1. Let |global| be [=this=]'s [=relevant global object=]. + + 1. Run the following steps [=in parallel=]: + + 1. Let |fencedFrameNonce| be |instance|'s [=fenced frame config instance/partition nonce=]. + + 1. TODO: Let |credentiallessNonce| be the page credentialless nonce. + + 1. TODO: Actually revoke the partition nonces |fencedFrameNonce| and + |credentiallessNonce|. + + 1. TODO: Wait on all nested fenced frames to disable network too. + + 1. [=Queue a global task=] on the [=DOM manipulation task source=] given |global|, to + [=resolve=] |p| with {{undefined}}. + + 1. Return |p|.

New [=request=] [=request/destination=]

From 7eaf2b102c71801e340cae3042df3eb425de6ad6 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Tue, 9 Apr 2024 16:47:24 +0000 Subject: [PATCH 03/10] more --- spec.bs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/spec.bs b/spec.bs index d44443f..b217e58 100644 --- a/spec.bs +++ b/spec.bs @@ -1743,6 +1743,8 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. TODO: Actually revoke the partition nonces |fencedFrameNonce| and |credentiallessNonce|. + 1. Set |instance|'s [=fenced frame config instance/has disabled untrusted network=] to true. + 1. TODO: Wait on all nested fenced frames to disable network too. 1. [=Queue a global task=] on the [=DOM manipulation task source=] given |global|, to From c4705a66f64e7c872f4486b14772468975e2f469 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Thu, 11 Apr 2024 18:13:59 +0000 Subject: [PATCH 04/10] address comments --- spec.bs | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/spec.bs b/spec.bs index b217e58..7888410 100644 --- a/spec.bs +++ b/spec.bs @@ -1718,19 +1718,19 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.
The disableUntrustedNetwork() method steps are: + 1. Let |p| be [=a new promise=]. + 1. Let |instance| be [=this=]'s [=relevant global object=]'s [=Window/browsing context=]'s [=browsing context/fenced frame config instance=]. - 1. If |instance| is null, then return. + 1. If |instance| is null, then [=resolve=] |p| with {{undefined}} and return |p|. 1. If |instance|'s [=fenced frame config instance/can disable untrusted network=] is false, then - return. + [=resolve=] |p| with {{undefined}} and return |p|. 1. If the [=relevant settings object=]'s [=environment settings object/origin=] and |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same origin=], then - return. - - 1. Let |p| be [=a new promise=]. + [=resolve=] |p| with {{undefined}} and return |p|. 1. Let |global| be [=this=]'s [=relevant global object=]. @@ -1738,14 +1738,22 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. Let |fencedFrameNonce| be |instance|'s [=fenced frame config instance/partition nonce=]. - 1. TODO: Let |credentiallessNonce| be the page credentialless nonce. + 1. Let |credentiallessNonce| be + + Issue: the page credentialless nonce + (WICG/fenced-frame#151) - 1. TODO: Actually revoke the partition nonces |fencedFrameNonce| and - |credentiallessNonce|. + 1. Revoke the partition nonces |fencedFrameNonce| and |credentiallessNonce|. + + Issue: Spec the revocation process. + (WICG/fenced-frame#151) 1. Set |instance|'s [=fenced frame config instance/has disabled untrusted network=] to true. - 1. TODO: Wait on all nested fenced frames to disable network too. + 1. Wait on all nested fenced frames to disable network too. + + Issue: Spec this waiting more formally. + (WICG/fenced-frame#151) 1. [=Queue a global task=] on the [=DOM manipulation task source=] given |global|, to [=resolve=] |p| with {{undefined}}. From 55b26c322b5a51dd3bea3a7649b673a4a207c445 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Sat, 4 May 2024 16:43:00 -0400 Subject: [PATCH 05/10] Update spec.bs --- spec.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index 1edf7e3..d10909d 100644 --- a/spec.bs +++ b/spec.bs @@ -1148,7 +1148,7 @@ A fenced frame config is a [=struct=] with the following [=str :: A [=boolean=], initially false. : can disable untrusted network - :: A [=boolean=], defaults to true. + :: A [=boolean=], initially true. : cross-origin reporting allowed :: A [=boolean=], initially false. From f57621fda2b185377353d66fe635b86b29e7fa08 Mon Sep 17 00:00:00 2001 From: Garrett Tanzer Date: Mon, 8 Jul 2024 14:02:22 -0400 Subject: [PATCH 06/10] Update issue number for waiting --- spec.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index d10909d..8db4e99 100644 --- a/spec.bs +++ b/spec.bs @@ -1792,7 +1792,7 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. Wait on all nested fenced frames to disable network too. Issue: Spec this waiting more formally. - (WICG/fenced-frame#151) + (WICG/fenced-frame#168) 1. [=Queue a global task=] on the [=DOM manipulation task source=] given |global|, to [=resolve=] |p| with {{undefined}}. From 6b61a85a07b30a51be7790ae1f901d4fc9d02185 Mon Sep 17 00:00:00 2001 From: Liam Brady Date: Thu, 12 Sep 2024 13:41:16 -0400 Subject: [PATCH 07/10] remove "can disable untrusted network" --- spec.bs | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/spec.bs b/spec.bs index cfd0dab..d379907 100644 --- a/spec.bs +++ b/spec.bs @@ -1208,9 +1208,6 @@ A fenced frame config is a [=struct=] with the following [=str : is ad component :: A [=boolean=], initially false. - : can disable untrusted network - :: A [=boolean=], initially true. - : cross-origin reporting allowed :: A [=boolean=], initially false. @@ -1267,9 +1264,6 @@ A fenced frame config instance is a [=struct=] with the follow : is ad component :: A [=boolean=] - : can disable untrusted network - :: A [=boolean=] - : has disabled untrusted network :: A [=boolean=], initially false. @@ -1360,9 +1354,6 @@ A fenced frame config instance is a [=struct=] with the follow : [=fenced frame config instance/is ad component=] :: |config|'s [=fenced frame config/is ad component=] - : [=fenced frame config instance/can disable untrusted network=] - :: |config|'s [=fenced frame config/can disable untrusted network=] - : [=fenced frame config instance/has disabled untrusted network=] :: false @@ -1845,8 +1836,9 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. If |instance| is null, then [=resolve=] |p| with {{undefined}} and return |p|. - 1. If |instance|'s [=fenced frame config instance/can disable untrusted network=] is false, then - [=resolve=] |p| with {{undefined}} and return |p|. + 1. If [=this=]'s [=relevant global object=]'s [=Window/navigable=]'s [=navigable/traversable + navigable=] is not a [=fenced navigable container/fenced navigable=], then [=resolve=] |p| with + {{undefined}} and return |p|. 1. If the [=relevant settings object=]'s [=environment settings object/origin=] and |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same origin=], then From a04f1a25dd95b1749dd39553e70c620e2fc668f7 Mon Sep 17 00:00:00 2001 From: Liam Brady Date: Thu, 12 Sep 2024 15:17:11 -0400 Subject: [PATCH 08/10] convert origin check into assert --- spec.bs | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/spec.bs b/spec.bs index d379907..fc80b88 100644 --- a/spec.bs +++ b/spec.bs @@ -1836,14 +1836,16 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. If |instance| is null, then [=resolve=] |p| with {{undefined}} and return |p|. + 1. [=Assert=]: the [=relevant settings object=]'s [=environment settings object/origin=] and + |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are [=same origin=]. + + Note: Only contexts that are [=same origin=] to the [=fenced frame config instance/mapped url=] + described in the [=fenced frame config instance=] are allowed to call this API. + 1. If [=this=]'s [=relevant global object=]'s [=Window/navigable=]'s [=navigable/traversable navigable=] is not a [=fenced navigable container/fenced navigable=], then [=resolve=] |p| with {{undefined}} and return |p|. - 1. If the [=relevant settings object=]'s [=environment settings object/origin=] and |instance|'s - [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same origin=], then - [=resolve=] |p| with {{undefined}} and return |p|. - 1. Let |global| be [=this=]'s [=relevant global object=]. 1. Run the following steps [=in parallel=]: From 7701d5715c62fc23d7a5f280c4ec2df419130b97 Mon Sep 17 00:00:00 2001 From: Liam Brady Date: Thu, 12 Sep 2024 15:20:41 -0400 Subject: [PATCH 09/10] change credentialless issue link --- spec.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index fc80b88..f056aae 100644 --- a/spec.bs +++ b/spec.bs @@ -1855,7 +1855,7 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. Let |credentiallessNonce| be Issue: the page credentialless nonce - (WICG/fenced-frame#151) + (WICG/fenced-frame#191) 1. Revoke the partition nonces |fencedFrameNonce| and |credentiallessNonce|. From 2f16a8416eca344a74143b413333ae8d81b9386e Mon Sep 17 00:00:00 2001 From: Liam Brady Date: Fri, 4 Oct 2024 16:09:32 -0400 Subject: [PATCH 10/10] turn assert into promise rejection --- spec.bs | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/spec.bs b/spec.bs index f056aae..38577dc 100644 --- a/spec.bs +++ b/spec.bs @@ -1836,11 +1836,9 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. If |instance| is null, then [=resolve=] |p| with {{undefined}} and return |p|. - 1. [=Assert=]: the [=relevant settings object=]'s [=environment settings object/origin=] and - |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are [=same origin=]. - - Note: Only contexts that are [=same origin=] to the [=fenced frame config instance/mapped url=] - described in the [=fenced frame config instance=] are allowed to call this API. + 1. If the [=relevant settings object=]'s [=environment settings object/origin=] and + |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same + origin=], then [=reject=] |p| with a {{TypeError}}. 1. If [=this=]'s [=relevant global object=]'s [=Window/navigable=]'s [=navigable/traversable navigable=] is not a [=fenced navigable container/fenced navigable=], then [=resolve=] |p| with