On 10/8/24 8:15 AM, Camille Lamy wrote:
Contact emails
v...@chromium.org cl...@chromium.org
Explainer
https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k
<https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k>
Specification
https://tc39.github.io/ecma262/#sec-sharedarraybuffer-objects
<https://tc39.github.io/ecma262/#sec-sharedarraybuffer-objects>
Design docs Including the new security requirements
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer
<https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer>
Discussion how and what to gate
https://github.com/whatwg/html/issues/4732
<https://github.com/whatwg/html/issues/4732>
Summary
‘SharedArrayBuffers’ (SABs) on desktop platforms are restricted to
cross-origin isolated environments, matching the behavior we've
recently shipped on Android and Firefox. We've performed that change
in Chrome 92. A reverse OT was started to give developers the option
to use SABs in case they are not able to adopt cross origin isolation yet.
We’ve worked with multiple internal and external users of the OT to
understand their use cases and why they can’t adopt yet. With
COEP:credentialless and iframes credentialless now available, the SAB
non COI usage went further down.
Unfortunately, the cascading requirements of COEP are still a blocker
for COI adoption. Some of the users of the OT rely heavily on
credentialled cross-origin subresources, so credentialless modes are
not an option for them. And their apps are complex enough that they
are still blocked on child iframes supporting COEP.
To address this, we’ve explored ways of enabling COI that would take
advantage of process isolation in order to waive requirements on child
frames to enforce COEP.
We’ll be sending out the I2E for Document-Isolation-Policy in the
coming weeks and are aiming to OT it starting with M132. Giving
developers 3 milestones to verify and provide feedback, we’re aiming
for a release in M135.
As we know the cascading is the final blocker for COI adoption and
therefore SAB usage on Desktop, we’re asking to extend the OT to M136.
Blink component
Blink>JavaScript
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EJavaScript>
Search tags
SharedArrayBuffer
<https://chromestatus.com/features#tags:SharedArrayBuffer>,SAB
<https://chromestatus.com/features#tags:SAB>
TAG review
https://github.com/w3ctag/design-reviews/issues/471
<https://github.com/w3ctag/design-reviews/issues/471>
TAG review status
Closed
Risks
Interoperability and Compatibility
We expect this change to negatively impact developers using
`SharedArrayBuffer` today. Chrome was the only platform where SABs
have been available without COOP/COEP. Therefore we need to give
developers the right capabilities and a clear path forward to ensure
they have enough time to adopt. We aim to mitigate these risks by
adopting a longer-than-usual depreciation period with console
warnings/issues and a reverse origin trial.
Good news is usage is down to ~0.0223%
<https://chromestatus.com/metrics/feature/popularity#V8SharedArrayBufferConstructedWithoutIsolation>page
loads and that other browsers have or are shipping SABs again gated
behind COOP/COEP. Bad news is that Chromium was the only browser that
supported SABs without COI, therefore we need to provide a migration
path to not break existing sites.
Looking at
https://chromestatus.com/metrics/feature/timeline/popularity/3721 - it
seems that usage has ~doubled in the past month. Do you have any
concerns about this? Have you considered only allowing DT renewals for
sites with existing registrations (that's a new capability we have)?
Gecko: Shipped/Shipping
(https://bugzilla.mozilla.org/show_bug.cgi?id=1312446
<https://bugzilla.mozilla.org/show_bug.cgi?id=1312446>)
WebKit: Added COOP/COEP and SAB support recently gated behind COOP/COEP
Will this feature be supported on all six Blink platforms
(Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
No - This OT is only for desktop, as this was the only platform where
SABs have been available without COOP/COEP.
Android re-enabled SABs gated behind
COOP/COEP:https://chromestatus.com/feature/5171863141482496
<https://chromestatus.com/feature/5171863141482496>
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1144104
<https://bugs.chromium.org/p/chromium/issues/detail?id=1144104>
Launch bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1138860
<https://bugs.chromium.org/p/chromium/issues/detail?id=1138860>
Blink-dev Thread
Planning isolation requirements (COOP/COEP) for SharedArrayBuffer
<https://groups.google.com/a/chromium.org/g/blink-dev/c/_0MEXs6TJhg/m/QzWOGv7pAQAJ>
I2S
<https://groups.google.com/a/chromium.org/g/blink-dev/c/1NKvbIj3dq4/m/nLcgUst-BQAJ>
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/4570991992766464
<https://chromestatus.com/feature/4570991992766464>
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMKsNvrpixJJCauj5Y2ZKFezu%2BrMi5NGQ0PrHrcq-my5%2BxMr-w%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMKsNvrpixJJCauj5Y2ZKFezu%2BrMi5NGQ0PrHrcq-my5%2BxMr-w%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/8efea61e-c17f-4543-926b-f7e743160e53%40chromium.org.
