Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reserve/free quota for fetchLater #10903

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Reserve/free quota for fetchLater #10903

wants to merge 2 commits into from

Conversation

noamr
Copy link
Contributor

@noamr noamr commented Jan 8, 2025
edited by pr-preview bot
Loading

The logic for deferred fetching (the fetchLater function), as defined in the fetch spec, specifies a "quota" which is shared with between a document and its direct same-origin descendants.

For this logic to work in a secure way, the quota needs to be:

  • reserved when a frame-initiated navigation starts. This way, the container document can only reserve quota based on URLs it knows it navigates to.
  • freed if the document ends up being same origin with its container, upon document creation. This ensures quota is handled correctly in the case of redirects.

This PR adds those two calls:

  • Call "reserve" on navigation, based on sourceDocument.
  • Call "potentially free" on document creation.

Depends on whatwg/fetch#1647, where the quota logic itself is defined.

  • At least two implementers are interested (and none opposed):
  • Tests are written and can be reviewed and commented upon at:
  • Implementation bugs are filed:
    • Chromium: …
    • Gecko: …
    • WebKit: …
    • Deno (only for timers, structured clone, base64 utils, channel messaging, module resolution, web workers, and web storage): …
    • Node.js (only for timers, structured clone, base64 utils, channel messaging, and module resolution): …
  • Corresponding HTML AAM & ARIA in HTML issues & PRs:
  • MDN issue is filed: …
  • The top of this comment includes a clear commit message to use.

(See WHATWG Working Mode: Changes for more details.)

/browsing-the-web.html ( diff )
/document-lifecycle.html ( diff )
/infrastructure.html ( diff )

@noamr
Reserve/free quota for fetchLater
0e0afb3 
The logic for deferred fetching (the `fetchLater` function), as
defined in the fetch spec, specifies a "quota" which is shared
with between a document and its direct same-origin descendants.

For this logic to work in a secure way, the quota needs to be:
- reserved when a frame-initiated navigation starts. This way,
  the container document can only reserve quota based on URLs
  it knows it navigates to.
- freed if the document ends up being same origin with its
  container, upon document creation.
  This ensures quota is handled correctly in the case of
  redirects.

This PR adds those two calls:
- Call "reserve" on navigation, based on `sourceDocument`.
- Call "potentially free" on document creation.

Depends on whatwg/fetch#1647, where
the quota logic itself is defined.
@noamr noamr requested a review from annevk January 8, 2025 10:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@annevk annevk Awaiting requested review from annevk

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@noamr