Add Automation subsection #42
Conversation
* Add Automation subsection. * Address feedback. * Fix whitespace.
storage-access.bs
Outdated
| 1. If |blocked| is not a [=boolean=] return a [=WebDriver error=] with [=WebDriver error code=] [=invalid argument=]. | ||
| 1. Let |doc| be the [=current browsing context=]'s [=active document=]. | ||
| 1. Let |key| be the result of [=generate a partitioned storage key|generating a partitioned storage key=] from |doc|. | ||
| 1. If |key| is failure, return a [=WebDriver error=] with [=WebDriver error code=] [=unknown error=]. |
There was a problem hiding this comment.
Nit: I prefer "unsupported operation" over "unknown error". This is only likely to fail if the remote end (say, WebKit) doesn't support the operation.
There was a problem hiding this comment.
Thanks. I was on the fence about this myself. Switching to "unsupported operation".
There was a problem hiding this comment.
What should happen if the browsing context is the top-level browsing context? What if its active document is same-site with the top-level site?
It seems there should also be API surface to ensure certain outcomes before documents are created. That is, that you know what when you create a nested document it won't have partitioned data (or will).
storage-access.bs
Outdated
|
|
||
| The [=remote end steps=] are: | ||
|
|
||
| 1. If |parameters| is not a JSON [=Object=], return a [=WebDriver error=] with [=WebDriver error code=] [=invalid argument=]. |
There was a problem hiding this comment.
How is this verified? Does this want to call https://infra.spec.whatwg.org/#parse-json-from-bytes?
https://infra.spec.whatwg.org/#convert-a-json-derived-javascript-value-to-an-infra-value might be useful on top for the remainder of these steps. (Or more likely, all of this should be abstracted and defined as part of the extension command infrastructure.)
There was a problem hiding this comment.
This is already covered by https://w3c.github.io/webdriver/#processing-model (see step 5 where parameters is parsed) so I've removed this check.
There was a problem hiding this comment.
Thanks, I filed w3c/webdriver#1529 to see about improving that further.
Thanks, I've added steps to handle these cases.
I've changed the API slightly. It now treats the current browsing context as the top-level site, and take a parameter to specify which embedded site to block or allow. This makes it possible to set policy for an embedded site without needing to create any nested documents and switch contexts first. |
storage-access.bs
Outdated
| 1. Let |origin| be the result of [=getting a property=] from |parameters| named `origin`. | ||
| 1. If |origin| is not the [=serialization of an origin=] return a [=WebDriver error=] with [=WebDriver error code=] [=invalid argument=]. | ||
| 1. If |origin| is an [=opaque origin=] return a [=WebDriver error=] with [=WebDriver error code=] [=invalid argument=]. | ||
| 1. Let |embedded site| be the result of [=obtain a site|obtaining a site=] from |origin|. |
There was a problem hiding this comment.
Adding the ability to specify this per origin seems useful. Would it be useful to allow a mechanism to specify all origins (e.g. equiv to "blockallthirdpartycookies" preferences) as well?
storage-access.bs
Outdated
| 1. Let |blocked| be the result of [=getting a property=] from |parameters| named `blocked`. | ||
| 1. If |blocked| is not a [=boolean=] return a [=WebDriver error=] with [=WebDriver error code=] [=invalid argument=]. | ||
| 1. Let |origin| be the result of [=getting a property=] from |parameters| named `origin`. | ||
| 1. If |origin| is not the [=serialization of an origin=] return a [=WebDriver error=] with [=WebDriver error code=] [=invalid argument=]. |
There was a problem hiding this comment.
This doesn't work. I guess what you want to be doing is parse this field as a URL and then use that URL's origin. Similar to postMessage(). That would also help the following steps which assume origin is an object (and not a string).
There was a problem hiding this comment.
Thanks. I've adapted some of the language from the spec for postMessage. I've also added similar handling for asterisk (*) to provide a mechanism to specify all origins per @Brandr0id's request above.
This change updates the spec with a WebDriver extension command for modifying the user agent's storage access policy. This is to address: w3c/webdriver#1437 (comment)