RESOLVED FIXED 217077
Storage Access API: Enable per-page storage access scope and align test cases 
https://bugs.webkit.org/show_bug.cgi?id=217077
Summary Storage Access API: Enable per-page storage access scope and align test cases
John Wilander
Reported 2020-09-28 19:28:32 PDT
It was decided in https://github.com/privacycg/storage-access/issues/3 that browsers should grant storage access for all same-site resources on the whole page, not just the requesting iframe.
Attachments
Patch (22.61 KB, patch)
2020-09-28 19:48 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
Patch for landing (15.74 KB, patch)
2020-09-30 17:59 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
Patch for landing (15.75 KB, patch)
2020-09-30 18:01 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
Patch (18.13 KB, patch)
2020-10-04 21:17 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
John Wilander
Comment 1 2020-09-28 19:28:47 PDT
<rdar://problem/69017878>
John Wilander
Comment 2 2020-09-28 19:48:57 PDT
Created attachment 409955 [details] Patch
Brent Fulgham
Comment 3 2020-09-30 09:55:14 PDT
Comment on attachment 409955 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409955&action=review > Source/WebCore/ChangeLog:21 > + Changed the default setting for m_storageAccessScope. "to per-page." > Source/WebCore/page/Settings.yaml:705 > + initial: true Does this setting only exist to support test cases? I wonder if we should have some place to collect these kinds of settings (not relevant to this patch today, just an idea).
John Wilander
Comment 4 2020-09-30 17:59:38 PDT
Created attachment 410184 [details] Patch for landing
John Wilander
Comment 5 2020-09-30 18:01:16 PDT
Created attachment 410185 [details] Patch for landing
John Wilander
Comment 6 2020-09-30 18:03:35 PDT
(In reply to Brent Fulgham from comment #3) > Comment on attachment 409955 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=409955&action=review > > > Source/WebCore/ChangeLog:21 > > + Changed the default setting for m_storageAccessScope. > > "to per-page." Fixed. > > Source/WebCore/page/Settings.yaml:705 > > + initial: true > > Does this setting only exist to support test cases? I wonder if we should > have some place to collect these kinds of settings (not relevant to this > patch today, just an idea). It is only for test cases, yes.
John Wilander
Comment 7 2020-09-30 18:03:46 PDT
Also, thanks for the review, Brent!
EWS
Comment 8 2020-09-30 20:21:12 PDT
Committed r267817: <https://trac.webkit.org/changeset/267817> All reviewed patches have been landed. Closing bug and clearing flags on attachment 410185 [details].
Truitt Savell
Comment 9 2020-10-01 08:15:22 PDT
It looks like the changes in https://trac.webkit.org/changeset/267817/webkit broke these two tests http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-without-user-interaction.html http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-allow-token.html History: https://results.webkit.org/?suite=layout-tests&suite=layout-tests&test=http%2Ftests%2FstorageAccess%2Frequest-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-without-user-interaction.html&test=http%2Ftests%2FstorageAccess%2Frequest-storage-access-cross-origin-sandboxed-iframe-without-allow-token.html Diffs --- /Volumes/Data/slave/catalina-release-tests-wk2/build/layout-test-results/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-without-user-interaction-expected.txt +++ /Volumes/Data/slave/catalina-release-tests-wk2/build/layout-test-results/http/tests/storageAccess/request-and-grant-access-cross-origin-sandboxed-iframe-from-prevalent-domain-without-user-interaction-actual.txt @@ -3,8 +3,9 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". -PASS Storage access was denied. document.cookie == , cookies seen server-side == "No cookies" +FAIL FAIL Storage access was granted and requestStorageAccessResolved was not granted but should not have been granted. document.cookie == PASS successfullyParsed is true +Some tests failed. TEST COMPLETE --- /Volumes/Data/slave/catalina-release-tests-wk2/build/layout-test-results/http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-allow-token-expected.txt +++ /Volumes/Data/slave/catalina-release-tests-wk2/build/layout-test-results/http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-allow-token-actual.txt @@ -3,8 +3,9 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". -PASS Storage access was denied. document.cookie == , cookies seen server-side == "No cookies" +FAIL Storage access was granted and requestStorageAccessResolved was not granted but should not have been granted. document.cookie == PASS successfullyParsed is true +Some tests failed. TEST COMPLETE
John Wilander
Comment 10 2020-10-01 08:24:50 PDT
All tests passed on my system and the previous patch was all green on EWS. You can revert my patch if you want. I’ll investigate.
John Wilander
Comment 11 2020-10-01 10:43:23 PDT
I can reproduce the failures when not running with the -f flag.
Truitt Savell
Comment 12 2020-10-02 14:53:14 PDT
Reverted r267817 for reason: Broke two tests on Mac Committed r267897: <https://trac.webkit.org/changeset/267897>
John Wilander
Comment 13 2020-10-04 21:17:25 PDT
Created attachment 410500 [details] Patch
John Wilander
Comment 14 2020-10-04 21:19:11 PDT
Comment on attachment 410500 [details] Patch Brent, I fixed the two failing tests by adding WebPage::clearPageLevelStorageAccess() and calling it in WebProcess::clearResourceLoadStatistics(). Your name is still as reviewer in the change log. If it looks good to you, please cq+. Thanks!
EWS
Comment 15 2020-10-05 09:42:12 PDT
Committed r267973: <https://trac.webkit.org/changeset/267973> All reviewed patches have been landed. Closing bug and clearing flags on attachment 410500 [details].
Note You need to log in before you can comment on or make changes to this bug.