Switch to the networking task source (#184)
Fixes #144, also fixes #182 on the side
johannhof authored Oct 9, 2023
1 parent 139ef58 commit 71a6071
Showing 1 changed file with 7 additions and 12 deletions.
19 changes: 7 additions & 12 deletions storage-access.bs
Expand Up @@ -37,8 +37,6 @@ spec: RFC6265; urlPrefix: https://tools.ietf.org/html/rfc6265
spec: RFC6265bis; urlPrefix: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-11
type: dfn
text: site for cookies; url: section-5.2.1
urlPrefix: https://w3c.github.io/permissions/; spec: permissions
text: permissions task source; url: #permissions-task-source; type: dfn
urlPrefix: https://w3c.github.io/webdriver/webdriver-spec.html#; spec: webdriver
type: dfn
text: current browsing context; url: dfn-current-browsing-context
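Review bot: Removing the `permissions` anchor block at the top of this hunk is only safe if no `[=permissions task source=]` link survives elsewhere in storage-access.bs. This commit rewrites two queue steps, so a search for `task source` across the file before merging would confirm that nothing else still depends on the dropped definition.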
Expand All @@ -62,7 +60,6 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
text: create navigation params by fetching; url: browsing-the-web.html#create-navigation-params-by-fetching
text: set up a window environment settings object; url: nav-history-apis.html#set-up-a-window-environment-settings-object
text: environment
text: DOM manipulation task source; url: webappapis.html#dom-manipulation-task-source

spec: fetch; urlPrefix: https://fetch.spec.whatwg.org/
type: dfn
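Review bot: The html anchor block loses `DOM manipulation task source` here but gains no entry for `networking task source`, which the two rewritten queue steps now link to. If Bikeshed does not resolve `[=networking task source=]` through autolinking, add a `text: networking task source` entry next to the other html anchors so the build does not report a broken link.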
Expand Down Expand Up @@ -162,25 +159,25 @@ When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>ha
1. Let |embeddedSite| be the result of [=obtain a site|obtaining a site=] from |doc|'s [=Document/origin=].
1. Run the following steps [=in parallel=]:
1. Let |whether the user agent explicitly allows unpartitioned cookie access| be an algorithm that, given a [=tuple=] |tuple| consisting of two [=sites=], runs the following steps. This algorithm returns "`none`", "`allow`" or "`disallow`".

Note: A user agent's settings might explicitly allow or disallow unpartitioned cookie access through per-site allow-lists, the user changing global browser settings, or similar custom overrides.

1. If the user agent does not have explicit settings for unpartitioned cookie access for |tuple|, return "`none`".
1. If the user agent's settings explicitly allow unpartitioned cookie access for |tuple|, return "`allow`".
1. If the user agent's settings explicitly disallow unpartitioned cookie access for |tuple|, return "`disallow`".
1. Let |explicitSetting| be the result of determining |whether the user agent explicitly allows unpartitioned cookie access| with (|topLevelSite|, |embeddedSite|).
1. [=Queue a global task=] on the [=permissions task source=] given |global| to:
1. Let |permissionState| be the result of [=getting the current permission state=] given "<a permission><code>storage-access</code></a>" and |global|.
1. [=Queue a global task=] on the [=networking task source=] given |global| to:
1. If |explicitSetting| is "`disallow`", [=/resolve=] |p| with false.
1. If |explicitSetting| is "`allow`", [=/resolve=] |p| with true.
1. If |explicitSetting| is "`none`":
1. If |browsingContext| is a [=top-level browsing context=], [=/resolve=] |p| with true.
1. If |browsingContext| is same authority with |browsingContext|'s [=top-level browsing context=]'s [=active document=], [=/resolve=] |p| with true.

ISSUE: "same authority" here is a placeholder for a future concept that allows user agents to perform [=same site=] checks while adhering to additional security aspects such as the presence of a cross-site parent document, see [whatwg/storage#142](https://github.com/whatwg/storage/issues/142#issuecomment-1122147159). In practice, this might involve comparing the [=site for cookies=] or performing a [=same site=] check with the top-level document.

1. Let |permissionState| be the result of [=getting the current permission state=] given "<a permission><code>storage-access</code></a>" and |global|.

1. If |permissionState| is [=permission/granted=], [=/resolve=] |p| with |global|'s [=environment/has storage access=].

Note: The global storage access permission state takes precedence over the local [=environment/has storage access=] flag here, in order to immediately reflect a possible user choice to revoke the permission in their settings.

1. [=/Resolve=] |p| with false.
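Review bot: The early exits in the queued task say only `[=/resolve=] |p| with false` or `with true` and never return, so as written the task continues into the relocated `Let |permissionState| ...` step and the final `[=/Resolve=] |p| with false.` Now that the permission lookup is deliberately placed after the "`none`" checks, ending each resolving step with "and return" would make the intended short-circuit explicit instead of relying on a promise settling only once.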
Expand Down Expand Up @@ -210,7 +207,7 @@ When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>re
1. Let |has transient activation| be whether |doc|'s {{Window}} object has [=transient activation=].
1. Run the following steps [=in parallel=]:
1. Let |process permission state| be an algorithm that, given a [=permission state=] |state|, runs the following steps:
1. [=Queue a global task=] on the [=permission task source=] given |global| to:
1. [=Queue a global task=] on the [=networking task source=] given |global| to:
1. If |state| is [=permission/granted=]:
1. Set |global|'s [=environment/has storage access=] to true.
1. [=/Resolve=] |p| with {{undefined}}.
Expand All @@ -233,8 +230,6 @@ When invoked on {{Document}} |doc|, the <dfn export method for=Document><code>re

NOTE: The intent of this algorithm is to always require user activation before a storage-access permission will be set. Though it is within the means of user agents to set storage-access permissions based on custom heuristics without prior user activation, this specification strongly discourages such behavior, as it could lead to interoperability issues.

ISSUE(privacycg/storage-access#144): We shouldn't use the permissions task source here.

<h3 id="navigation">Changes to navigation</h3>

When [=snapshotting source snapshot params=]:
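Review bot: Deleting ISSUE(privacycg/storage-access#144) removes the only in-text record of the task source question, and nothing replaces it with the reason the networking task source was chosen. A one-line Note beside either `[=Queue a global task=] on the [=networking task source=]` step would save readers from digging through the issue tracker.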