Contact emails [email protected], [email protected], [email protected], [email protected]
Explainer https://github.com/WICG/shared-storage/blob/main/README.md Specification https://github.com/WICG/shared-storage/pull/161 Summary and Motivation We have received feedback from developers stating they wanted to be able to host and run their worklet script on a separate origin (e.g., a cdn) from the origin that owns and writes their shared storage data. Therefore, we’re removing the same-origin restriction for addModule worklet scripts. Note that, when the worklet script is cross-origin to the invoking context, the invoking context's origin is still used as the partition origin for accessing shared storage. We also made a second change, which is to align the new sharedStorage.createWorklet API (shipped in M125) with addModule to use the calling context’s origin as the data origin by default (instead of the script’s origin as the data origin). This is a breaking change, and we discuss our mitigations below. Blink component Blink>Storage>SharedStorage <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EStorage%3ESharedStorage> Initial public proposal https://github.com/WICG/shared-storage/pull/158 TAG review None TAG review status We asked <https://github.com/w3ctag/design-reviews/issues/747#issuecomment-2075450880> if they’d like to see follow-up changes to shared storage given its unsatisfied status, and have not received a response. We take the lack of response as a signal that they would not like to be made aware of subsequent changes. Risks Interoperability and Compatibility There are no interop risks as no other browser has implemented shared storage. There is a compat risk for the recently released createWorklet API. The worklet created by createWorklet before this change had the data partition of the script’s origin. We’re changing it, to align with addModule, to use the calling context’s origin instead. We’re monitoring usage here <https://chromestatus.com/metrics/feature/timeline/popularity/5007> of the existing API and reaching out to folks using it to let them know that they should make the following forward-compatible change if they want the existing default behavior of createWorklet to continue to function after this change: before: sharedStorage.createWorklet(worklet_url); after: sharedStorage.createWorklet(worklet_url, { dataOrigin: “script-origin” }); The dataOrigin option will be ignored on browsers previous to this change, and honored correctly after. We have created a use counter for usage of createWorklet without the forward-compatible dataOrigin option so that we will know when it’s safe to make this change. We are also monitoring usage of addModule with scripts that are cross-origin to the calling context here <https://chromestatus.com/metrics/feature/timeline/popularity/5028>, as those will suddenly work when they did not before which could be surprising to developers. Gecko: No signal WebKit: No signal Web developers: No signals Other signals: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability None Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ? Not yet Flag name on chrome://flags None Finch feature name SharedStorageCrossOriginScript Non-finch justification None Requires code in //chrome? False Estimated milestones M129 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/6531477832204288 <https://chromestatus.com/feature/6531477832204288?gate=4670064239050752> This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAJ8xcq6H6x59-7%2B562wORY%3Dx7h2M3RWfkvLb6b8EC48KmzvDZA%40mail.gmail.com.
