247286 – Restrict Storage Access API usage to within secure contexts

Bug 247286 - Restrict Storage Access API usage to within secure contexts

Summary: Restrict Storage Access API usage to within secure contexts

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	All All

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-10-31 14:03 PDT by chris.p.fredrickson
Modified:	2022-11-07 13:04 PST (History)
CC List:	5 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description chris.p.fredrickson 2022-10-31 14:03:17 PDT

WebKit should expose the document.hasStorageAccess and document.requestStorageAccess APIs in all contexts, but require a secure context as one of the preconditions for a "successful" call (i.e. before yielding true from hasStorageAccess, and before resolving from requestStorageAccess).

This is to get in alignment with https://github.com/privacycg/storage-access/pull/132.

Comment 1 Radar WebKit Bug Importer 2022-11-07 13:04:17 PST

<rdar://problem/102055522>