Bug 247286

Summary: Restrict Storage Access API usage to within secure contexts
Product: WebKit Reporter: chris.p.fredrickson
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: bfulgham, pascoe, sihui_liu, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   

Description chris.p.fredrickson 2022-10-31 14:03:17 PDT
WebKit should expose the document.hasStorageAccess and document.requestStorageAccess APIs in all contexts, but require a secure context as one of the preconditions for a "successful" call (i.e. before yielding true from hasStorageAccess, and before resolving from requestStorageAccess).

This is to get in alignment with https://github.com/privacycg/storage-access/pull/132.
Comment 1 Radar WebKit Bug Importer 2022-11-07 13:04:17 PST
<rdar://problem/102055522>