Intent to Ship: Shared Storage: Allowing Cross-Origin Script in addModule & Aligning createWorklet

248 views
Skip to first unread message

Cammie Smith Barnes

unread,
Aug 28, 2024, 3:32:20 PMAug 28
to blink-dev, Cammie Smith Barnes, Josh Karlin, Yao Xiao, asha...@google.com

Intent to Ship: Shared Storage: Allowing Cross-Origin Script in addModule & Aligning createWorklet


Contact emails

cam...@chromium.org, jka...@chromium.org, yao...@chromium.org, asha...@google.com


Explainer

https://github.com/WICG/shared-storage/blob/main/README.md


Specification

https://github.com/WICG/shared-storage/pull/161


Summary

We now allow sharedStorage.worklet.addModule to load cross-origin script, while still using the invoking context's origin as the data partition origin for accessing shared storage data. We also align the behavior of sharedStorage.createWorklet, so that when it loads a cross-origin script, it also uses the invoking context's origin as the data partition origin by default (instead of using the script origin as it did when initially implemented). Finally, to preserve the ability to use the script's origin as the data partition origin, we introduce a new dataOrigin option for createWorklet.


We have received feedback from developers stating they wanted to be able to host and run their worklet script on a separate origin from the origin that owns and writes their shared storage data. So we remove the same-origin restriction for addModule. Note that, when the worklet script is cross-origin to the invoking context, the invoking context's origin is used as the partition origin for accessing shared storage.


To help avoid developer confusion in the long term, we align the default behavior of createWorklet to use the invoking context's origin instead of the script origin as its data partition origin. This is a breaking change, but current usage of createWorklet is low as it was introduced in M125 and those that are using it have upgraded to a forward-compatible incantation. We also introduce a dataOrigin option that can be passed to use the previous behavior.



Blink component

Blink>Storage>SharedStorage


TAG review & status

Notification of the change is here but not expecting feedback as the entire Shared Storage feature is resolved as unsatisfied.



Risks



Interoperability and Compatibility

There are no interop risks as no other browser has implemented shared storage. There is a compat risk for the recently released createWorklet API. The worklet created by createWorklet before this change had the data partition of the script’s origin. We’re changing it, to align with addModule, to use the calling context’s origin instead. We’re monitoring usage here of the backwards-incompatible usage of the existing API and reaching out to folks using it to let them know that they should make the following forward-compatible change if they want the existing default behavior of createWorklet to continue to function after this change:


before: sharedStorage.createWorklet(worklet_url);

after: sharedStorage.createWorklet(worklet_url, { dataOrigin: “script-origin” });


The dataOrigin option will be ignored on browsers previous to this change, and honored correctly after. 


As of today, all users have switched to the forward-compatible incantation. We are also monitoring usage of addModule with scripts that are cross-origin to the calling context here, as those will suddenly work when they did not before which could be surprising to developers. As anticipated, this usage is extremely low (.00001% page loads).



Gecko: Negative on shared storage


WebKit: Negative on shared storage


Web developers: Positive, but there is follow-up work to allow createWorklet() to serve the script from a different origin than the data origin which is what folks ultimately want. That change will be non-breaking. This work is a first step in that direction (allowing addModule to be cross-origin).


Other signals:


WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None



Debuggability

Shared Storage worklets can be debugged in devtools.



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

All but webview


Is this feature fully tested by web-platform-tests?

Yes


Flag name on chrome://flags

None


Finch feature name

SharedStorageCrossOriginScript and SharedStorageCreateWorkletUseContextOriginByDefault


Non-finch justification

NA


Requires code in //chrome?

False


Estimated milestones

M130



Anticipated spec changes

None


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/6531477832204288?gate=6576220452683776


Links to previous Intent discussions

Intent to Prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/YZ4XGewKVuk/m/v8CwKfq8AAAJ?utm_medium=email&utm_source=footer



This intent message was generated by Chrome Platform Status.

Domenic Denicola

unread,
Sep 3, 2024, 11:07:54 PMSep 3
to blink-dev, Cammie Smith Barnes, Josh Karlin, Yao Xiao, asha...@google.com
LGTM1. This seems like a good change for overall web consistency, and compat risks seem well-managed.

Yoav Weiss (@Shopify)

unread,
Sep 4, 2024, 10:07:36 AMSep 4
to blink-dev, Domenic Denicola, Cammie Smith Barnes, Josh Karlin, Yao Xiao, asha...@google.com
LGTM2

Mike Taylor

unread,
Sep 4, 2024, 10:21:15 AMSep 4
to Yoav Weiss (@Shopify), blink-dev, Domenic Denicola, Cammie Smith Barnes, Josh Karlin, Yao Xiao, asha...@google.com

LGTM3

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c0f43188-c7a0-4603-8796-9ecc04eacfe9n%40chromium.org.

Mike Taylor

unread,
Sep 4, 2024, 10:22:11 AMSep 4
to Yoav Weiss (@Shopify), blink-dev, Domenic Denicola, Cammie Smith Barnes, Josh Karlin, Yao Xiao, asha...@google.com

Sorry, LGTM3 conditioned upon Testing and Debuggability bits being requested in the chromestatus entry.

Reply all
Reply to author
Forward
0 new messages