From a414a12e2aec90a80fcdba0d47fef1012c1cace4 Mon Sep 17 00:00:00 2001
From: Anton Maliev <amaliev@chromium.org>
Date: Thu, 16 Nov 2023 21:23:31 +0000
Subject: [PATCH 01/12] heuristics spec start

---
 compatibility.bs | 49 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/compatibility.bs b/compatibility.bs
index 3bda92d..ceb0e03 100644
--- a/compatibility.bs
+++ b/compatibility.bs
@@ -67,9 +67,11 @@ spec:css-display-3; type:value; for:display; text:flex
 spec:css-flexbox-1; type:value; text:inline-flex
 spec:css-syntax-3; type:dfn; text:invalid
 spec:filter-effects-1; type:property; text:filter
+spec:html; type:dfn; for:/; text:top-level traversable
 spec:infra; type:dfn; text:user agent
 spec:svg2; type:dfn; text:fill
 spec:svg2; type:dfn; text:stroke
+spec:url; type:dfn; for:url; text:host
 </pre>
 
 <!-- Commented out until we know what the heck to put here:
@@ -836,6 +838,53 @@ supported on all {{Window}} objects and <code><{body}></code> elements as attrib
   </tbody>
 </table>
 
+<h2 id="sa-heuristics-section">Storage Access Heuristics</h2>
+
+TODO: Storage access grant algo
+
+TODO: Constants
+
+TODO: This is what Chrome's doing
+
+<h3 id="sa-heuristics-popup">Popup Heuristic</h3>
+
+TODO: popup heuristic initiator host
+
+Append the following steps to the <a spec="html">activation notification</a>
+steps in the [[HTML#user-activation-processing-model|user activation processing
+model]]:
+
+1. Run [=detect a popup heuristic=] given <var ignore>document</var>.
+
+<div algorithm>
+
+To <dfn>detect a popup heuristic</dfn> given a [=Document=] |document|,
+perform the following steps:
+
+1. Let |navigable| be |document|'s [=node navigable=].
+1. If |navigable| is null, then abort these steps.
+1. If |navigable|'s [=popup heuristic initiator host=] is null,
+    then abort these steps.
+1. Let |topDocument| be |navigable|'s [=top-level traversable=]'s
+    [=navigable/active document=].
+1. Let |origin| be |topDocument|'s [=Document/origin=].
+1. If |origin| is an [=opaque origin=] then abort these steps.
+1. Let |site| be the result of running [=obtain a site=] given |origin|.
+1. Let |host| be |site|'s [=host=].
+1. [=Grant access for heuristics=] given:
+    <dl>
+        <dt><var ignore>host</var></dt>
+        <dd>|host|</dd>
+        <dt><var ignore>firstPartyHost</var></dt>
+        <dd>|navigable|'s [=popup heuristic initiator host=]</dd>
+        <dt><var ignore>duration</var></dt>
+        <dd>[=popup heuristic grant duration=]</dd>
+    </dl>
+
+</div>
+
+<h3 id="sa-heuristics-redirect">Redirect Heuristic</h3>
+
 <h2 id="ua-string-section">The User-Agent String</h2>
 
 The <code>User-Agent</code> header field syntax is formally defined by [[!HTTP-SEMANTICS]] and

From f6e492d0cf46f152a1c529d8c31425ca75a5161a Mon Sep 17 00:00:00 2001
From: Anton Maliev <amaliev@chromium.org>
Date: Fri, 17 Nov 2023 00:21:59 +0000
Subject: [PATCH 02/12] heuristics spec

---
 compatibility.bs | 53 ++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 49 insertions(+), 4 deletions(-)

diff --git a/compatibility.bs b/compatibility.bs
index ceb0e03..ea6a8d3 100644
--- a/compatibility.bs
+++ b/compatibility.bs
@@ -840,15 +840,58 @@ supported on all {{Window}} objects and <code><{body}></code> elements as attrib
 
 <h2 id="sa-heuristics-section">Storage Access Heuristics</h2>
 
-TODO: Storage access grant algo
+Browsers are working to deprecate third-party cookies while avoiding user-facing
+breakage by removing support for common web patterns, particularly login flows via
+third-party identity providers. Browsers can observe <code>Storage access heuristics</code>
+from the user in order to provide short-term storage access to unbreak these flows.
 
-TODO: Constants
+The following spec represents the Chromium implementation of this feature.
 
-TODO: This is what Chrome's doing
+<h3 id="sa-heuristics-constants">Constants</h3>
+
+The <dfn>popup heuristic grant duration</dfn> is an [=implementation-defined=]
+[=duration=] that represents the length of time after the popup heuristic is
+detected that the popup [=host=] will have access to the opener [=host=].
+
+Note: 30 days is a reasonable [=popup heuristic grant duration=] value.
+
+The <dfn>redirect heuristic grant duration</dfn> is an [=implementation-defined=]
+[=duration=] that represents the length of time after the redirect heuristic is
+detected that the bounced [=host=] will have access to the final [=host=].
+
+Note: 15 minutes is a reasonable [=redirect heuristic grant duration=] value.
+
+<h3 id="sa-heuristics-grant">Storage Access Grant</h3>
+
+<div algorithm>
+
+To <dfn>grant access for heuristics</dfn> given a [=host=] |host|, [=host=]
+|firstPartyHost|, and [=duration=] |duration|, perform the following steps:
+
+1. TODO
+1. |host|, |firstPartyHost|, |duration|
+
+</div>
 
 <h3 id="sa-heuristics-popup">Popup Heuristic</h3>
 
-TODO: popup heuristic initiator host
+Each [=top-level traversable=] has an associated
+<dfn for="top-level traversable">popup heuristic initiator host</dfn> which
+is a [=host=] or null. This stores the [=host=] of the <var ignore>opener</var> if
+[=top-level traversable=] is considered an eligible popup for the heuristic.
+
+Append the following steps to the <a spec="html">create a new top-level traversable</a>
+algorithm:
+1. TODO: Check opener access
+1. TODO: Check initiator iframe
+1. Let |popup heuristic initiator origin| be the <var ignore>opener</var>'s
+    [=browsing context/top-level traversable=]'s [=navigable/active document=]'s
+    [=Document/origin=].
+1. If |popup heuristic initiator origin| is an [=opaque origin=] then abort these steps.
+1. Let |popup heuristic initiator site| be the result of running [=obtain a site=] given
+    |popup heuristic initiator origin|.
+1. Set the [=top-level traversable=]'s [=popup heuristic initiator host=] to 
+    |popup heuristic initiator site|'s [=host=].
 
 Append the following steps to the <a spec="html">activation notification</a>
 steps in the [[HTML#user-activation-processing-model|user activation processing
@@ -885,6 +928,8 @@ perform the following steps:
 
 <h3 id="sa-heuristics-redirect">Redirect Heuristic</h3>
 
+TODO
+
 <h2 id="ua-string-section">The User-Agent String</h2>
 
 The <code>User-Agent</code> header field syntax is formally defined by [[!HTTP-SEMANTICS]] and

From 71b7843a8553ab0a044c167f23efaef201b66077 Mon Sep 17 00:00:00 2001
From: Anton Maliev <amaliev@chromium.org>
Date: Fri, 17 Nov 2023 01:19:34 +0000
Subject: [PATCH 03/12] heuristics spec

---
 compatibility.bs | 61 +++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 58 insertions(+), 3 deletions(-)

diff --git a/compatibility.bs b/compatibility.bs
index ea6a8d3..6c74aa5 100644
--- a/compatibility.bs
+++ b/compatibility.bs
@@ -863,13 +863,37 @@ Note: 15 minutes is a reasonable [=redirect heuristic grant duration=] value.
 
 <h3 id="sa-heuristics-grant">Storage Access Grant</h3>
 
+The 
+
 <div algorithm>
 
+Define a [=powerful feature=] identified by the [=powerful feature/name=]
+"storage-access-heuristics", with the following [=powerful feature/aspects=]:
+
+<dfn>permission key type</dfn>
+A [=permission key=] of the "storage-access-heuristics" feature is a [=tuple=] consisting
+of a [=host=] <dfn property>top-level</dfn> and a [=host=] <dfn property>requester</dfn>.
+
 To <dfn>grant access for heuristics</dfn> given a [=host=] |host|, [=host=]
 |firstPartyHost|, and [=duration=] |duration|, perform the following steps:
 
-1. TODO
-1. |host|, |firstPartyHost|, |duration|
+1. Let |key| be a [=permission key=] with |top-level| set to |firstPartyHost|
+    and |host| set to |requester.
+1. Queue a task on the [=current settings object=]'s [=responsible event loop=] to:
+    1. [=Set a permission store entry=] with:
+      <dl>
+          <dt><var ignore>descriptor</var></dt>
+          <dd>"storage-access-heuristics"</dd>
+          <dt><var ignore>key</var></dt>
+          <dd>|key|</dd>
+          <dt><var ignore>current state</var></dt>
+          <dd>"granted"</dd>
+      </dl>
+    2. Set the new permission's [=permission/lifetime=] to |lifetime|.
+
+Note: This algorithm is based on [=request permission to use=], except for the following key differences:
+- It sets a dynamic permission [=permission/lifetime=].
+- It generates a [=permission key=] independently of the [=current settings object=].
 
 </div>
 
@@ -928,7 +952,38 @@ perform the following steps:
 
 <h3 id="sa-heuristics-redirect">Redirect Heuristic</h3>
 
-TODO
+Insert the following steps in the <a spec="html">load a document</a> algorithm,
+before Step 5, "Return null", which is the point that the [=document=] is loaded.
+
+1. Run [=detect a popup heuristic=] given
+    <var ignore>navigable</var> and <var ignore>response</var>'s <var ignore>URL list</var>.
+
+<div algorithm>
+
+To <dfn>detect a popup heuristic</dfn> given a [=navigable=] |navigable|
+and a [=list=] of [=URLs=] |URLs|, perform the following steps:
+
+1. Let |firstPartyOrigin| be |topDocument|'s [=Document/origin=].
+1. If |firstPartyOrigin| is an [=opaque origin=] then abort these steps.
+1. Let |firstPartySite| be the result of running [=obtain a site=] given |firstPartyOrigin|.
+1. Let |firstPartyHost| be |firstPartySite|'s [=host=].
+1. [=list/For each=] |bounceUrl| in |URLs|:
+  1. Let |bounceSite| be the result of running [=obtain a site=] given |origin|.
+  1. Let |bounceHost| be |bounceSite|'s [=host=].
+  1. If |bounceHost| [=host/equals=] |host|, [=iteration/continue=].
+  1. TODO: Check current interaction
+  1. TODO: Check ABA flow
+  1. [=Grant access for heuristics=] given:
+    <dl>
+        <dt><var ignore>host</var></dt>
+        <dd>|bounceHost|</dd>
+        <dt><var ignore>firstPartyHost</var></dt>
+        <dd>|firstPartyHost|<dd>
+        <dt><var ignore>duration</var></dt>
+        <dd>[=redirect heuristic grant duration=]</dd>
+    </dl>
+
+</div>
 
 <h2 id="ua-string-section">The User-Agent String</h2>
 

From c0506bb749eb6444d2fd386ec085569c533ab3ec Mon Sep 17 00:00:00 2001
From: Anton Maliev <amaliev@chromium.org>
Date: Fri, 17 Nov 2023 02:54:25 +0000
Subject: [PATCH 04/12] finish first draft

---
 compatibility.bs | 66 ++++++++++++++++++------------------------------
 1 file changed, 25 insertions(+), 41 deletions(-)

diff --git a/compatibility.bs b/compatibility.bs
index 6c74aa5..4eef9b4 100644
--- a/compatibility.bs
+++ b/compatibility.bs
@@ -68,6 +68,7 @@ spec:css-flexbox-1; type:value; text:inline-flex
 spec:css-syntax-3; type:dfn; text:invalid
 spec:filter-effects-1; type:property; text:filter
 spec:html; type:dfn; for:/; text:top-level traversable
+spec:infra; type:dfn; text:list
 spec:infra; type:dfn; text:user agent
 spec:svg2; type:dfn; text:fill
 spec:svg2; type:dfn; text:stroke
@@ -863,22 +864,19 @@ Note: 15 minutes is a reasonable [=redirect heuristic grant duration=] value.
 
 <h3 id="sa-heuristics-grant">Storage Access Grant</h3>
 
-The 
-
-<div algorithm>
-
 Define a [=powerful feature=] identified by the [=powerful feature/name=]
-"storage-access-heuristics", with the following [=powerful feature/aspects=]:
+"storage-access-heuristics", with the following <dfn>permission key type</dfn>:
 
-<dfn>permission key type</dfn>
 A [=permission key=] of the "storage-access-heuristics" feature is a [=tuple=] consisting
 of a [=host=] <dfn property>top-level</dfn> and a [=host=] <dfn property>requester</dfn>.
 
+<div algorithm>
+
 To <dfn>grant access for heuristics</dfn> given a [=host=] |host|, [=host=]
 |firstPartyHost|, and [=duration=] |duration|, perform the following steps:
 
-1. Let |key| be a [=permission key=] with |top-level| set to |firstPartyHost|
-    and |host| set to |requester.
+1. Let |key| be a [=permission key=] with <var ignore>top-level</var> set to |firstPartyHost|
+    and <var ignore>requester</var> set to |host|.
 1. Queue a task on the [=current settings object=]'s [=responsible event loop=] to:
     1. [=Set a permission store entry=] with:
       <dl>
@@ -889,34 +887,17 @@ To <dfn>grant access for heuristics</dfn> given a [=host=] |host|, [=host=]
           <dt><var ignore>current state</var></dt>
           <dd>"granted"</dd>
       </dl>
-    2. Set the new permission's [=permission/lifetime=] to |lifetime|.
+    2. Set the new permission's [=permission/lifetime=] to |duration|.
 
-Note: This algorithm is based on [=request permission to use=], except for the following key differences:
+<div class=note>
+This algorithm is based on [=request permission to use=], except for the following key differences:
 - It sets a dynamic permission [=permission/lifetime=].
-- It generates a [=permission key=] independently of the [=current settings object=].
+- It generates a [=permission key=] independently of the [=current settings object=].</div>
 
 </div>
 
 <h3 id="sa-heuristics-popup">Popup Heuristic</h3>
 
-Each [=top-level traversable=] has an associated
-<dfn for="top-level traversable">popup heuristic initiator host</dfn> which
-is a [=host=] or null. This stores the [=host=] of the <var ignore>opener</var> if
-[=top-level traversable=] is considered an eligible popup for the heuristic.
-
-Append the following steps to the <a spec="html">create a new top-level traversable</a>
-algorithm:
-1. TODO: Check opener access
-1. TODO: Check initiator iframe
-1. Let |popup heuristic initiator origin| be the <var ignore>opener</var>'s
-    [=browsing context/top-level traversable=]'s [=navigable/active document=]'s
-    [=Document/origin=].
-1. If |popup heuristic initiator origin| is an [=opaque origin=] then abort these steps.
-1. Let |popup heuristic initiator site| be the result of running [=obtain a site=] given
-    |popup heuristic initiator origin|.
-1. Set the [=top-level traversable=]'s [=popup heuristic initiator host=] to 
-    |popup heuristic initiator site|'s [=host=].
-
 Append the following steps to the <a spec="html">activation notification</a>
 steps in the [[HTML#user-activation-processing-model|user activation processing
 model]]:
@@ -928,10 +909,11 @@ model]]:
 To <dfn>detect a popup heuristic</dfn> given a [=Document=] |document|,
 perform the following steps:
 
+1. Let |browsingContext| be |document|'s [=Document/browsing context=].
+1. If |browsingContext|'s <var ignore>is popup</var> is false, then abort these steps.
+1. If |browsingContext|'s <var ignore>opener origin at creation</var> is null, then abort these steps.
 1. Let |navigable| be |document|'s [=node navigable=].
 1. If |navigable| is null, then abort these steps.
-1. If |navigable|'s [=popup heuristic initiator host=] is null,
-    then abort these steps.
 1. Let |topDocument| be |navigable|'s [=top-level traversable=]'s
     [=navigable/active document=].
 1. Let |origin| be |topDocument|'s [=Document/origin=].
@@ -943,7 +925,7 @@ perform the following steps:
         <dt><var ignore>host</var></dt>
         <dd>|host|</dd>
         <dt><var ignore>firstPartyHost</var></dt>
-        <dd>|navigable|'s [=popup heuristic initiator host=]</dd>
+        <dd>|browsingContext|'s <var ignore>opener origin at creation=</var></dd>
         <dt><var ignore>duration</var></dt>
         <dd>[=popup heuristic grant duration=]</dd>
     </dl>
@@ -955,24 +937,26 @@ perform the following steps:
 Insert the following steps in the <a spec="html">load a document</a> algorithm,
 before Step 5, "Return null", which is the point that the [=document=] is loaded.
 
-1. Run [=detect a popup heuristic=] given
-    <var ignore>navigable</var> and <var ignore>response</var>'s <var ignore>URL list</var>.
+1. Run [=detect a redirect heuristic=] given <var ignore>navigable</var>.
 
 <div algorithm>
 
-To <dfn>detect a popup heuristic</dfn> given a [=navigable=] |navigable|
-and a [=list=] of [=URLs=] |URLs|, perform the following steps:
+To <dfn>detect a redirect heuristic</dfn> given a navigable |navigable|,
+perform the following steps:
 
+1. Let |topDocument| be |navigable|'s [=top-level traversable=]'s
+    [=navigable/active document=].
 1. Let |firstPartyOrigin| be |topDocument|'s [=Document/origin=].
 1. If |firstPartyOrigin| is an [=opaque origin=] then abort these steps.
 1. Let |firstPartySite| be the result of running [=obtain a site=] given |firstPartyOrigin|.
 1. Let |firstPartyHost| be |firstPartySite|'s [=host=].
-1. [=list/For each=] |bounceUrl| in |URLs|:
-  1. Let |bounceSite| be the result of running [=obtain a site=] given |origin|.
+1. Let |bounceTrackingRecord| be |navigable|'s [=top-level traversable=]'s <var ignore>bounce tracking record</var>.
+1. [=list/For each=] |bounceUrl| in |bounceTrackingRecord|'s <var ignore>bounce set</var>:
+  1. Let |bounceSite| be the result of running [=obtain a site=] given |bounceUrl|.
   1. Let |bounceHost| be |bounceSite|'s [=host=].
-  1. If |bounceHost| [=host/equals=] |host|, [=iteration/continue=].
-  1. TODO: Check current interaction
-  1. TODO: Check ABA flow
+  1. If |bounceHost| [=host/equals=] |firstPartyHost|, [=iteration/continue=].
+  <!-- TODO: check if |bounceUrl| has a transient activation. This will require patching bounce tracking record. -->
+  <!-- TODO: check A-B-A user flow. This will require traversing the navigable's history. -->
   1. [=Grant access for heuristics=] given:
     <dl>
         <dt><var ignore>host</var></dt>

From 5d58b6438d66259b1b2fd15e6f257c0d1d865c04 Mon Sep 17 00:00:00 2001
From: Anton Maliev <amaliev@chromium.org>
Date: Fri, 8 Dec 2023 04:07:27 +0000
Subject: [PATCH 05/12] intro wording changes

---
 compatibility.bs | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/compatibility.bs b/compatibility.bs
index 4eef9b4..e411f8f 100644
--- a/compatibility.bs
+++ b/compatibility.bs
@@ -841,26 +841,26 @@ supported on all {{Window}} objects and <code><{body}></code> elements as attrib
 
 <h2 id="sa-heuristics-section">Storage Access Heuristics</h2>
 
-Browsers are working to deprecate third-party cookies while avoiding user-facing
+User agents are blocking third-party cookies by default while avoiding user-facing
 breakage by removing support for common web patterns, particularly login flows via
-third-party identity providers. Browsers can observe <code>Storage access heuristics</code>
-from the user in order to provide short-term storage access to unbreak these flows.
-
-The following spec represents the Chromium implementation of this feature.
+third-party identity providers. Browsers should follow the established patterns in
+this specification in order to provide short-term storage access to unbreak these flows.
 
 <h3 id="sa-heuristics-constants">Constants</h3>
 
 The <dfn>popup heuristic grant duration</dfn> is an [=implementation-defined=]
 [=duration=] that represents the length of time after the popup heuristic is
-detected that the popup [=host=] will have access to the opener [=host=].
+triggered that a user agent will store the corresponding [=popup heuristic grant=]
+in its [=heuristic grants map=].
 
-Note: 30 days is a reasonable [=popup heuristic grant duration=] value.
+Note: Most implementations use 30 days as the [=popup heuristic grant duration=].
 
 The <dfn>redirect heuristic grant duration</dfn> is an [=implementation-defined=]
 [=duration=] that represents the length of time after the redirect heuristic is
-detected that the bounced [=host=] will have access to the final [=host=].
+triggered that a user agent will store the corresponding [=redirect heuristic grant=]
+in its [=heuristic grants map=].
 
-Note: 15 minutes is a reasonable [=redirect heuristic grant duration=] value.
+Note: Most implementations use 15 minutes as the [=redirect heuristic grant duration=].
 
 <h3 id="sa-heuristics-grant">Storage Access Grant</h3>
 

From c875c3bc8fefa1bca97821e55e9ed2d47cbce962 Mon Sep 17 00:00:00 2001
From: Dominic Farolino <domfarolino@gmail.com>
Date: Mon, 4 Dec 2023 17:13:35 -0500
Subject: [PATCH 06/12] Reference top-level traversable correctly

---
 compatibility.bs | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/compatibility.bs b/compatibility.bs
index e411f8f..f82fe20 100644
--- a/compatibility.bs
+++ b/compatibility.bs
@@ -67,7 +67,6 @@ spec:css-display-3; type:value; for:display; text:flex
 spec:css-flexbox-1; type:value; text:inline-flex
 spec:css-syntax-3; type:dfn; text:invalid
 spec:filter-effects-1; type:property; text:filter
-spec:html; type:dfn; for:/; text:top-level traversable
 spec:infra; type:dfn; text:list
 spec:infra; type:dfn; text:user agent
 spec:svg2; type:dfn; text:fill
@@ -914,7 +913,7 @@ perform the following steps:
 1. If |browsingContext|'s <var ignore>opener origin at creation</var> is null, then abort these steps.
 1. Let |navigable| be |document|'s [=node navigable=].
 1. If |navigable| is null, then abort these steps.
-1. Let |topDocument| be |navigable|'s [=top-level traversable=]'s
+1. Let |topDocument| be |navigable|'s [=navigable/top-level traversable=]'s
     [=navigable/active document=].
 1. Let |origin| be |topDocument|'s [=Document/origin=].
 1. If |origin| is an [=opaque origin=] then abort these steps.
@@ -944,13 +943,13 @@ before Step 5, "Return null", which is the point that the [=document=] is loaded
 To <dfn>detect a redirect heuristic</dfn> given a navigable |navigable|,
 perform the following steps:
 
-1. Let |topDocument| be |navigable|'s [=top-level traversable=]'s
+1. Let |topDocument| be |navigable|'s [=navigable/top-level traversable=]'s
     [=navigable/active document=].
 1. Let |firstPartyOrigin| be |topDocument|'s [=Document/origin=].
 1. If |firstPartyOrigin| is an [=opaque origin=] then abort these steps.
 1. Let |firstPartySite| be the result of running [=obtain a site=] given |firstPartyOrigin|.
 1. Let |firstPartyHost| be |firstPartySite|'s [=host=].
-1. Let |bounceTrackingRecord| be |navigable|'s [=top-level traversable=]'s <var ignore>bounce tracking record</var>.
+1. Let |bounceTrackingRecord| be |navigable|'s [=navigable/top-level traversable=]'s <var ignore>bounce tracking record</var>.
 1. [=list/For each=] |bounceUrl| in |bounceTrackingRecord|'s <var ignore>bounce set</var>:
   1. Let |bounceSite| be the result of running [=obtain a site=] given |bounceUrl|.
   1. Let |bounceHost| be |bounceSite|'s [=host=].

From 3b10ef830334c6a577c64819e278a68202a3fbec Mon Sep 17 00:00:00 2001
From: Dominic Farolino <domfarolino@gmail.com>
Date: Mon, 4 Dec 2023 17:19:48 -0500
Subject: [PATCH 07/12] User activation reference

---
 compatibility.bs | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/compatibility.bs b/compatibility.bs
index f82fe20..11932d6 100644
--- a/compatibility.bs
+++ b/compatibility.bs
@@ -897,12 +897,14 @@ This algorithm is based on [=request permission to use=], except for the followi
 
 <h3 id="sa-heuristics-popup">Popup Heuristic</h3>
 
-Append the following steps to the <a spec="html">activation notification</a>
-steps in the [[HTML#user-activation-processing-model|user activation processing
-model]]:
+Append the following steps to the [[!HTML]]'s <a spec="html">activation notification</a> algorithm:
+
+<div algorithm="user-activation-patch">
 
 1. Run [=detect a popup heuristic=] given <var ignore>document</var>.
 
+</div>
+
 <div algorithm>
 
 To <dfn>detect a popup heuristic</dfn> given a [=Document=] |document|,

From c56b58e0849a8c80aa5303e760d5c132fbc6059a Mon Sep 17 00:00:00 2001
From: Dominic Farolino <domfarolino@gmail.com>
Date: Mon, 4 Dec 2023 17:30:09 -0500
Subject: [PATCH 08/12] Opener origin at creation time

---
 compatibility.bs | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/compatibility.bs b/compatibility.bs
index 11932d6..ba69061 100644
--- a/compatibility.bs
+++ b/compatibility.bs
@@ -42,6 +42,12 @@ urlPrefix: https://drafts.fxtf.org/css-masking-1/
 urlPrefix: https://drafts.csswg.org/css-values-3/
   type: dfn
     text: dppx; url: #dppx
+urlPrefix: https://html.spec.whatwg.org/multipage/
+  urlPrefix: document-sequences.html
+    type: dfn
+      for: browsing context
+        text: is popup
+        text: opener origin at creation
 </pre>
 
 <pre class="biblio">
@@ -911,14 +917,14 @@ To <dfn>detect a popup heuristic</dfn> given a [=Document=] |document|,
 perform the following steps:
 
 1. Let |browsingContext| be |document|'s [=Document/browsing context=].
-1. If |browsingContext|'s <var ignore>is popup</var> is false, then abort these steps.
-1. If |browsingContext|'s <var ignore>opener origin at creation</var> is null, then abort these steps.
+1. If |browsingContext|'s [=browsing context/is popup=] is false, then return.
+1. If |browsingContext|'s [=browsing context/opener origin at creation=] is null, then return.
 1. Let |navigable| be |document|'s [=node navigable=].
-1. If |navigable| is null, then abort these steps.
+1. If |navigable| is null, then return.
 1. Let |topDocument| be |navigable|'s [=navigable/top-level traversable=]'s
     [=navigable/active document=].
 1. Let |origin| be |topDocument|'s [=Document/origin=].
-1. If |origin| is an [=opaque origin=] then abort these steps.
+1. If |origin| is an [=opaque origin=] then return.
 1. Let |site| be the result of running [=obtain a site=] given |origin|.
 1. Let |host| be |site|'s [=host=].
 1. [=Grant access for heuristics=] given:

From bfbe0a83465bcbc8b56b601f239afda20d9fdab0 Mon Sep 17 00:00:00 2001
From: Dominic Farolino <domfarolino@gmail.com>
Date: Mon, 4 Dec 2023 18:19:31 -0500
Subject: [PATCH 09/12] Bounce tracking traversable

---
 compatibility.bs | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/compatibility.bs b/compatibility.bs
index ba69061..04b212e 100644
--- a/compatibility.bs
+++ b/compatibility.bs
@@ -48,6 +48,12 @@ urlPrefix: https://html.spec.whatwg.org/multipage/
       for: browsing context
         text: is popup
         text: opener origin at creation
+urlPrefix: https://privacycg.github.io/nav-tracking-mitigations/
+  type: dfn
+    for: top-level traversable
+      text: bounce tracking record; url: top-level-traversable-bounce-tracking-record
+    for: bounce tracking record
+      text: bounce set; url: #bounce-tracking-record-bounce-set
 </pre>
 
 <pre class="biblio">
@@ -941,24 +947,28 @@ perform the following steps:
 
 <h3 id="sa-heuristics-redirect">Redirect Heuristic</h3>
 
-Insert the following steps in the <a spec="html">load a document</a> algorithm,
-before Step 5, "Return null", which is the point that the [=document=] is loaded.
+Insert the following steps in [[!HTML]]'s <a spec="html">load a document</a> algorithm, before the
+final step which returns null.
+
+<div algorithm="loading-a-document-patch">
 
 1. Run [=detect a redirect heuristic=] given <var ignore>navigable</var>.
 
+</div>
+
 <div algorithm>
 
-To <dfn>detect a redirect heuristic</dfn> given a navigable |navigable|,
-perform the following steps:
+To <dfn>detect a redirect heuristic</dfn> given a [=/navigable=] |navigable|, perform the following
+steps:
 
 1. Let |topDocument| be |navigable|'s [=navigable/top-level traversable=]'s
     [=navigable/active document=].
 1. Let |firstPartyOrigin| be |topDocument|'s [=Document/origin=].
-1. If |firstPartyOrigin| is an [=opaque origin=] then abort these steps.
+1. If |firstPartyOrigin| is an [=opaque origin=] then return.
 1. Let |firstPartySite| be the result of running [=obtain a site=] given |firstPartyOrigin|.
 1. Let |firstPartyHost| be |firstPartySite|'s [=host=].
-1. Let |bounceTrackingRecord| be |navigable|'s [=navigable/top-level traversable=]'s <var ignore>bounce tracking record</var>.
-1. [=list/For each=] |bounceUrl| in |bounceTrackingRecord|'s <var ignore>bounce set</var>:
+1. Let |bounceTrackingRecord| be |navigable|'s [=navigable/top-level traversable=]'s [=top-level traversable/bounce tracking record=].
+1. [=list/For each=] |bounceUrl| in |bounceTrackingRecord|'s [=bounce tracking record/bounce set=]:
   1. Let |bounceSite| be the result of running [=obtain a site=] given |bounceUrl|.
   1. Let |bounceHost| be |bounceSite|'s [=host=].
   1. If |bounceHost| [=host/equals=] |firstPartyHost|, [=iteration/continue=].

From a8c9ecfa0c6884bc5a243fa23043aca05fa0b896 Mon Sep 17 00:00:00 2001
From: Anton Maliev <amaliev@chromium.org>
Date: Fri, 8 Dec 2023 05:09:55 +0000
Subject: [PATCH 10/12] Use global map instead of permissions API, plus various
 fixes

---
 compatibility.bs | 104 +++++++++++++++++++++--------------------------
 1 file changed, 46 insertions(+), 58 deletions(-)

diff --git a/compatibility.bs b/compatibility.bs
index 04b212e..9b2c8f4 100644
--- a/compatibility.bs
+++ b/compatibility.bs
@@ -47,6 +47,7 @@ urlPrefix: https://html.spec.whatwg.org/multipage/
     type: dfn
       for: browsing context
         text: is popup
+        text: opener browsing context
         text: opener origin at creation
 urlPrefix: https://privacycg.github.io/nav-tracking-mitigations/
   type: dfn
@@ -850,63 +851,57 @@ supported on all {{Window}} objects and <code><{body}></code> elements as attrib
   </tbody>
 </table>
 
-<h2 id="sa-heuristics-section">Storage Access Heuristics</h2>
+<h2 id="sa-heuristics-section">Cookie Access Heuristics</h2>
 
 User agents are blocking third-party cookies by default while avoiding user-facing
 breakage by removing support for common web patterns, particularly login flows via
 third-party identity providers. Browsers should follow the established patterns in
-this specification in order to provide short-term storage access to unbreak these flows.
+this specification in order to provide short-term cookie access to unbreak these flows.
+
+<h3 id="sa-heuristics-global-data">Global Data</h3>
+
+A <dfn>site pair</dfn> is a [=tuple=] consisting of a [=site=] <dfn for=site pair>third party site</dfn>
+and a [=site=] <dfn for=site pair>first party site</dfn>
+
+The user agent holds a <dfn>heuristic grants map</dfn> which is a [=map=] of [=site pairs=] to
+[=moments=]. The [=moment=] represents the expiration timestamp of a cookie access grant
+for [=third party site=] on [=first party site=].
 
 <h3 id="sa-heuristics-constants">Constants</h3>
 
 The <dfn>popup heuristic grant duration</dfn> is an [=implementation-defined=]
 [=duration=] that represents the length of time after the popup heuristic is
-triggered that a user agent will store the corresponding [=popup heuristic grant=]
+triggered that a user agent will store the corresponding popup heuristic grant
 in its [=heuristic grants map=].
 
 Note: Most implementations use 30 days as the [=popup heuristic grant duration=].
 
 The <dfn>redirect heuristic grant duration</dfn> is an [=implementation-defined=]
 [=duration=] that represents the length of time after the redirect heuristic is
-triggered that a user agent will store the corresponding [=redirect heuristic grant=]
+triggered that a user agent will store the corresponding redirect heuristic grant
 in its [=heuristic grants map=].
 
 Note: Most implementations use 15 minutes as the [=redirect heuristic grant duration=].
 
-<h3 id="sa-heuristics-grant">Storage Access Grant</h3>
-
-Define a [=powerful feature=] identified by the [=powerful feature/name=]
-"storage-access-heuristics", with the following <dfn>permission key type</dfn>:
-
-A [=permission key=] of the "storage-access-heuristics" feature is a [=tuple=] consisting
-of a [=host=] <dfn property>top-level</dfn> and a [=host=] <dfn property>requester</dfn>.
+<h3 id="sa-heuristics-access-grant">Cookie Access Grant</h3>
 
 <div algorithm>
 
-To <dfn>grant access for heuristics</dfn> given a [=host=] |host|, [=host=]
-|firstPartyHost|, and [=duration=] |duration|, perform the following steps:
-
-1. Let |key| be a [=permission key=] with <var ignore>top-level</var> set to |firstPartyHost|
-    and <var ignore>requester</var> set to |host|.
-1. Queue a task on the [=current settings object=]'s [=responsible event loop=] to:
-    1. [=Set a permission store entry=] with:
-      <dl>
-          <dt><var ignore>descriptor</var></dt>
-          <dd>"storage-access-heuristics"</dd>
-          <dt><var ignore>key</var></dt>
-          <dd>|key|</dd>
-          <dt><var ignore>current state</var></dt>
-          <dd>"granted"</dd>
-      </dl>
-    2. Set the new permission's [=permission/lifetime=] to |duration|.
-
-<div class=note>
-This algorithm is based on [=request permission to use=], except for the following key differences:
-- It sets a dynamic permission [=permission/lifetime=].
-- It generates a [=permission key=] independently of the [=current settings object=].</div>
+To <dfn>grant access for heuristics</dfn> given a [=site=] |site|, [=site=]
+|firstPartySite|, [=moment=] |currentWallTime|, and [=duration=] |duration|,
+perform the following steps:
+
+1. Let |key| be a [=site pair=] with [=third party site=] set to |site| and
+    [=first party site=] set to |firstPartySite|.
+1. Let |expirationTime| be |duration| after |currentWallTime|.
+1. Set [=heuristic grants map=][|key|] to |expirationTime|.
 
 </div>
 
+<h3 id="sa-heuristics-access">Cookie Access Monkey Patch</h3>
+
+Issue: TODO: add monkey patch to network fetch cookie access that reads from [=heuristic grants map=].
+
 <h3 id="sa-heuristics-popup">Popup Heuristic</h3>
 
 Append the following steps to the [[!HTML]]'s <a spec="html">activation notification</a> algorithm:
@@ -924,7 +919,10 @@ perform the following steps:
 
 1. Let |browsingContext| be |document|'s [=Document/browsing context=].
 1. If |browsingContext|'s [=browsing context/is popup=] is false, then return.
+1. If |browsingContext|'s [=browsing context/opener browsing context=] is null, then return.
 1. If |browsingContext|'s [=browsing context/opener origin at creation=] is null, then return.
+1. Let |firstPartySite| be the result of running [=obtain a site=] given the |browsingContext|'s
+    [=browsing context/opener origin at creation=].
 1. Let |navigable| be |document|'s [=node navigable=].
 1. If |navigable| is null, then return.
 1. Let |topDocument| be |navigable|'s [=navigable/top-level traversable=]'s
@@ -932,16 +930,12 @@ perform the following steps:
 1. Let |origin| be |topDocument|'s [=Document/origin=].
 1. If |origin| is an [=opaque origin=] then return.
 1. Let |site| be the result of running [=obtain a site=] given |origin|.
-1. Let |host| be |site|'s [=host=].
-1. [=Grant access for heuristics=] given:
-    <dl>
-        <dt><var ignore>host</var></dt>
-        <dd>|host|</dd>
-        <dt><var ignore>firstPartyHost</var></dt>
-        <dd>|browsingContext|'s <var ignore>opener origin at creation=</var></dd>
-        <dt><var ignore>duration</var></dt>
-        <dd>[=popup heuristic grant duration=]</dd>
-    </dl>
+1. Let |currentWallTime| be |topDocument|'s [=relevant settings object=]'s
+    [=environment settings object/current wall time=].
+1. [=Grant access for heuristics=] given |site|, |firstPartySite|, |currentWallTime|, and
+    [=popup heuristic grant duration=].
+
+Issue(amaliev/3pcd-exemption-heuristics#3): TODO: Consider whether to check for third-party iframe initiators.
 
 </div>
 
@@ -966,23 +960,17 @@ steps:
 1. Let |firstPartyOrigin| be |topDocument|'s [=Document/origin=].
 1. If |firstPartyOrigin| is an [=opaque origin=] then return.
 1. Let |firstPartySite| be the result of running [=obtain a site=] given |firstPartyOrigin|.
-1. Let |firstPartyHost| be |firstPartySite|'s [=host=].
-1. Let |bounceTrackingRecord| be |navigable|'s [=navigable/top-level traversable=]'s [=top-level traversable/bounce tracking record=].
+1. Let |bounceTrackingRecord| be |navigable|'s [=navigable/top-level traversable=]'s
+    [=top-level traversable/bounce tracking record=].
 1. [=list/For each=] |bounceUrl| in |bounceTrackingRecord|'s [=bounce tracking record/bounce set=]:
-  1. Let |bounceSite| be the result of running [=obtain a site=] given |bounceUrl|.
-  1. Let |bounceHost| be |bounceSite|'s [=host=].
-  1. If |bounceHost| [=host/equals=] |firstPartyHost|, [=iteration/continue=].
-  <!-- TODO: check if |bounceUrl| has a transient activation. This will require patching bounce tracking record. -->
-  <!-- TODO: check A-B-A user flow. This will require traversing the navigable's history. -->
-  1. [=Grant access for heuristics=] given:
-    <dl>
-        <dt><var ignore>host</var></dt>
-        <dd>|bounceHost|</dd>
-        <dt><var ignore>firstPartyHost</var></dt>
-        <dd>|firstPartyHost|<dd>
-        <dt><var ignore>duration</var></dt>
-        <dd>[=redirect heuristic grant duration=]</dd>
-    </dl>
+    1. Let |site| be the result of running [=obtain a site=] given |bounceUrl|.
+    1. If |site| is [=site/same site=] to |firstPartySite|, [=iteration/continue=].
+    <!-- TODO: check if |bounceUrl| has a transient activation. This will require patching bounce tracking record. -->
+    <!-- TODO: check A-B-A user flow. This will require traversing the navigable's history. -->
+1. Let |currentWallTime| be |topDocument|'s [=relevant settings object=]'s
+    [=environment settings object/current wall time=].
+1. [=Grant access for heuristics=] given |site|, |firstPartySite|, |currentWallTime|, and
+    [=redirect heuristic grant duration=].
 
 </div>
 

From fd755600c4df6c1940e3e5d9e570cf7eeb5f2a0b Mon Sep 17 00:00:00 2001
From: Anton Maliev <amaliev@chromium.org>
Date: Tue, 22 Oct 2024 21:39:30 +0000
Subject: [PATCH 11/12] address redirect comments

---
 compatibility.bs | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/compatibility.bs b/compatibility.bs
index 9b2c8f4..15b74fc 100644
--- a/compatibility.bs
+++ b/compatibility.bs
@@ -54,7 +54,9 @@ urlPrefix: https://privacycg.github.io/nav-tracking-mitigations/
     for: top-level traversable
       text: bounce tracking record; url: top-level-traversable-bounce-tracking-record
     for: bounce tracking record
+      text: initial host; url: #bounce-tracking-record-initial-host
       text: bounce set; url: #bounce-tracking-record-bounce-set
+      text: user activation set; url: #bounce-tracking-record-user-activation-set
 </pre>
 
 <pre class="biblio">
@@ -962,15 +964,20 @@ steps:
 1. Let |firstPartySite| be the result of running [=obtain a site=] given |firstPartyOrigin|.
 1. Let |bounceTrackingRecord| be |navigable|'s [=navigable/top-level traversable=]'s
     [=top-level traversable/bounce tracking record=].
-1. [=list/For each=] |bounceUrl| in |bounceTrackingRecord|'s [=bounce tracking record/bounce set=]:
-    1. Let |site| be the result of running [=obtain a site=] given |bounceUrl|.
-    1. If |site| is [=site/same site=] to |firstPartySite|, [=iteration/continue=].
-    <!-- TODO: check if |bounceUrl| has a transient activation. This will require patching bounce tracking record. -->
-    <!-- TODO: check A-B-A user flow. This will require traversing the navigable's history. -->
 1. Let |currentWallTime| be |topDocument|'s [=relevant settings object=]'s
     [=environment settings object/current wall time=].
-1. [=Grant access for heuristics=] given |site|, |firstPartySite|, |currentWallTime|, and
-    [=redirect heuristic grant duration=].
+1. Let |navigatedUrlsSet| be |bounceTrackingRecord|'s [=bounce tracking record/bounce set=].
+1. Append |bounceTrackingRecord|'s [=bounce tracking record/initial host=] to |navigatedUrlsSet|.
+1. [=list/For each=] |bounceUrl| in |navigatedUrlsSet|:
+    1. Let |site| be the result of running [=obtain a site=] given |bounceUrl|.
+    1. If |site| is [=site/same site=] to |firstPartySite|, [=iteration/continue=].
+    1. If |bounceTrackingRecord|'s [=bounce tracking record/user activation set=] does not contain |site|,
+        [=iteration/continue=].
+    <!-- TODO: Check that the user visited |firstPartySite| before |site|, to verify the
+        [A-B-A flow](https://github.com/amaliev/3pcd-exemption-heuristics/blob/main/explainer.md#scenario-c2).
+        This will require traversing the navigable's history. -->
+    1. [=Grant access for heuristics=] given |site|, |firstPartySite|, |currentWallTime|, and
+        [=redirect heuristic grant duration=].
 
 </div>
 

From cd438d225475e62de6efa8f519ca71cd42a90c63 Mon Sep 17 00:00:00 2001
From: Anton Maliev <amaliev@chromium.org>
Date: Tue, 22 Oct 2024 22:04:12 +0000
Subject: [PATCH 12/12] Update monkey patch location in Load a Document

---
 compatibility.bs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/compatibility.bs b/compatibility.bs
index 15b74fc..fba69d6 100644
--- a/compatibility.bs
+++ b/compatibility.bs
@@ -943,12 +943,11 @@ Issue(amaliev/3pcd-exemption-heuristics#3): TODO: Consider whether to check for
 
 <h3 id="sa-heuristics-redirect">Redirect Heuristic</h3>
 
-Insert the following steps in [[!HTML]]'s <a spec="html">load a document</a> algorithm, before the
-final step which returns null.
+Insert the following steps at the start of [[!HTML]]'s <a spec="html">load a document</a> algorithm.
 
 <div algorithm="loading-a-document-patch">
 
-1. Run [=detect a redirect heuristic=] given <var ignore>navigable</var>.
+1. Run [=detect a redirect heuristic=] given <var ignore>navigationParams</var>'s <var ignore>navigable</var>.
 
 </div>