-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Spec: Wait for network revocation in nested fenced frames before disabling network. #176
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Haven't made it through everything quite yet but getting there. This is a start for now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One more issue I spotted is that the https://wicg.github.io/fenced-frame/#revoke-network-for-a-partition-nonce algorithm uses "this" which it cannot do since it is called from an in parallel context. I think we should fix that in this PR.
Modified to take in a |
This PR introduces a new algorithm:
Recalculate the untrusted network status of all frames
. This is called whenever a fenced frame marks its network as disabled, and checks to see if any ancestor fenced frames are now allowed to have their network access be fully revoked and gain access to unpartitioned data.This PR modifies
disableUntrustedNetwork()
to not resolve the promise, and instead puts the promise into the fenced frame config instance to be resolved once the frame tree is considered to have its network fully revoked.This builds off of the work in #146, and this should only be merged after #146 is merged.
See: issue #168
Preview | Diff