Intent to Extend Reverse Origin Trial: Trial for SharedArrayBuffers in non-isolated pages on Desktop platforms

[Camille Lamy]

Contact emails

va...@chromium.org cl...@chromium.org

Explainer

https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k

Specification

https://tc39.github.io/ecma262/#sec-sharedarraybuffer-objects

Design docs Including the new security requirements

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer

Discussion how and what to gate

https://github.com/whatwg/html/issues/4732

Summary

‘SharedArrayBuffers’ (SABs) on desktop platforms are restricted to cross-origin isolated environments, matching the behavior we've recently shipped on Android and Firefox. We've performed that change in Chrome 92. A reverse OT was started to give developers the option to use SABs in case they are not able to adopt cross origin isolation yet.

We’ve worked with multiple internal and external users of the OT to understand their use cases and why they can’t adopt yet. With COEP:credentialless and iframes credentialless now available, the SAB non COI usage went further down.

Unfortunately, the cascading requirements of COEP are still a blocker for COI adoption. Some of the users of the OT rely heavily on credentialled cross-origin subresources, so credentialless modes are not an option for them. And their apps are complex enough that they are still blocked on child iframes supporting COEP.

To address this, we’re exploring ways of enabling COI that would take advantage of process isolation in order to waive requirements on child frames to enforce COEP. However, this is still at an exploratory stage. So we would like to request a 3 milestones extension (until M124) to this deprecation trial. This will give us enough time to propose a solution and discuss it with the standards community and users of the reverse OT. We will then come back with a proposed solution to finally end the OT and get the remaining users of the reverse OT, as well as a timeline for the OT ending.

Blink component

Blink>JavaScript

Search tags

SharedArrayBuffer, SAB

TAG review

https://github.com/w3ctag/design-reviews/issues/471

TAG review status

Closed

Risks

Interoperability and Compatibility

We expect this change to negatively impact developers using `SharedArrayBuffer` today. Chrome was the only platform where SABs have been available without COOP/COEP. Therefore we need to give developers the right capabilities and a clear path forward to ensure they’ve enough time to adopt. We aim to mitigate these risks by adopting a longer-than-usual depreciation period with console warnings/issues and a reverse origin trial. 

Good news is usage is down to ~0.0209% page loads and that other browsers have or are shipping SABs again gated behind COOP/COEP. Bad news is that Chromium was the only browser that supported SABs without COI, therefore we need to provide a migration path to not break existing sites.

Gecko: Shipped/Shipping (https://bugzilla.mozilla.org/show_bug.cgi?id=1312446)

WebKit: Added COOP/COEP and SAB support recently gated behind COOP/COEP

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No - This OT is only for desktop, as this was the only platform where SABs have been available without COOP/COEP.

Android re-enabled SABs gated behind COOP/COEP: https://chromestatus.com/feature/5171863141482496

Tracking bug

https://bugs.chromium.org/p/chromium/issues/detail?id=1144104

Launch bug

https://bugs.chromium.org/p/chromium/issues/detail?id=1138860

Blink-dev Thread

Planning isolation requirements (COOP/COEP) for SharedArrayBuffer

I2S

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/4570991992766464

[Rick Byers]

LGTM to extend. Breaking the transitive dependency problem with OOPIF seems like an effective and pragmatic strategy to me, I'm excited to see where that goes.

One nit below.

Is it really "down"? The graph is up and down, but overall seems like an upward trend over the past two years, not a downward one, right? If anything that should make the argument for urgency on an alternative adoption strategy like you propose higher (not something we can fix with more outreach and time).

Gecko: Shipped/Shipping (https://bugzilla.mozilla.org/show_bug.cgi?id=1312446)

WebKit: Added COOP/COEP and SAB support recently gated behind COOP/COEP

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No - This OT is only for desktop, as this was the only platform where SABs have been available without COOP/COEP.

Android re-enabled SABs gated behind COOP/COEP: https://chromestatus.com/feature/5171863141482496

Tracking bug

https://bugs.chromium.org/p/chromium/issues/detail?id=1144104

Launch bug

https://bugs.chromium.org/p/chromium/issues/detail?id=1138860

Blink-dev Thread

Planning isolation requirements (COOP/COEP) for SharedArrayBuffer

I2S

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/4570991992766464

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMKsNvqRwzmSs2%3DPEEhze175Sf7wm6S_AnGuAOnrcZ0mmA1gYw%40mail.gmail.com.

[Andy Luhrs]

Excited about the potential changes around COEP, Microsoft has a handful of apps in that situation and we'd love to chat more if there's more supporting evidence/discussion needed.