Intent to Ship: Custom data origin in sharedStorage.createWorklet

Josh Karlin

unread,

Jan 29, 2025, 4:08:28 PMJan 29

to blink-dev, Cammie Smith Barnes, Yao Xiao, Sara Akram, Renan Feldman

Summary

We add support for creating a worklet with a caller-provided x-site data origin without having to create a x-site iframe first. For security purposes the data origin must opt in to having the given worklet script run on its data.

Blink component

Blink>Storage>SharedStorage

TAG review

https://github.com/w3ctag/design-reviews/issues/747#issuecomment-2583552240

TAG review status

TAG is unsatisfied with the underlying API

Risks

Interoperability and Compatibility

The changes are backwards compatible.

Gecko: No signal

WebKit: No signal

Web developers: Supportive. This feature was requested (and tested) by an external developer to allow the worklet script to be hosted on a cdn while processing data from their primary origin.

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

NA as not shipped to webview

Debuggability

Shared Storage worklets can be inspected within DevTools: Debug Shared Storage worklets with DevTools

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

All but webview

Is this feature fully tested by web-platform-tests?

Yes

Flag name on about://flags

None

Finch feature name

SharedStorageCreateWorkletCustomDataOrigin

Non-finch justification

None

Requires code in //chrome?

False

Availability expectation

M134

Anticipated spec changes

None

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/4886122881351680?gate=4922008641732608

This intent message was generated by Chrome Platform Status.

Chris Harrelson

unread,

Feb 5, 2025, 11:15:57 AMFeb 5

to Josh Karlin, blink-dev, Cammie Smith Barnes, Yao Xiao, Sara Akram, Renan Feldman

LGTM1

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAANMuaNQFjb%2B%3DnO84%2BJ22Q6-3mWF%2Bkhrve3JoK14Uy%3D8tw6rPg%40mail.gmail.com.

Mike Taylor

unread,

Feb 5, 2025, 11:16:24 AMFeb 5

to Chris Harrelson, Josh Karlin, blink-dev, Cammie Smith Barnes, Yao Xiao, Sara Akram, Renan Feldman

LGTM2

To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw-K0RfK7z6iY4UH45Tex4-_OPv6DsLAu1BNpSjw47HMkw%40mail.gmail.com.

Vladimir Levin

unread,

Feb 12, 2025, 11:04:44 AMFeb 12

to Mike Taylor, Chris Harrelson, Josh Karlin, blink-dev, Cammie Smith Barnes, Yao Xiao, Sara Akram, Renan Feldman

LGTM3

To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/08ede04b-4eee-4b4a-9a42-f08f40053aae%40chromium.org.

Reply all

Reply to author

Forward

Intent to Ship: Custom data origin in sharedStorage.createWorklet

Josh Karlin

Contact emails

Explainer

Specification

Summary

Blink component

TAG review

TAG review status

Risks

Interoperability and Compatibility

WebView application risks

Debuggability

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

Is this feature fully tested by web-platform-tests?

Flag name on about://flags

Finch feature name

Non-finch justification

Requires code in //chrome?

Availability expectation

Anticipated spec changes

Link to entry on the Chrome Platform Status

Chris Harrelson

Mike Taylor

Vladimir Levin