Yoshisato Yanagisawa (Gerrit)

unread,

4:11 AM (19 hours ago) 4:11 AM

to Elly FJ, Mike West, Emily Stark, Stephen McGruer, chromium...@chromium.org

Yoshisato Yanagisawa added 1 comment

Patchset-level comments

File-level comment, Patchset 1 (Latest):

Yoshisato Yanagisawa . resolved

As suggested by Emily, let me update the document.

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Yoshisato Yanagisawa (Gerrit)

unread,

4:13 AM (19 hours ago) 4:13 AM

to Shunya Shishido, Elly FJ, Mike West, Emily Stark, Stephen McGruer, chromium...@chromium.org

Attention needed from Shunya Shishido

Yoshisato Yanagisawa voted Commit-Queue+1

Commit-Queue

+1

Open in Gerrit

Related details

Attention is currently required from:

Shunya Shishido

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Shunya Shishido (Gerrit)

unread,

4:21 AM (19 hours ago) 4:21 AM

to Yoshisato Yanagisawa, Chromium LUCI CQ, Elly FJ, Mike West, Emily Stark, Stephen McGruer, chromium...@chromium.org

Attention needed from Yoshisato Yanagisawa

Shunya Shishido voted Code-Review+1

Code-Review

+1

Open in Gerrit

Related details

Attention is currently required from:

Yoshisato Yanagisawa

Submit Requirements:

Code-Coverage
Code-Owners

Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Yoshisato Yanagisawa (Gerrit)

unread,

8:46 PM (2 hours ago) 8:46 PM

to Shunya Shishido, Chromium LUCI CQ, Elly FJ, Mike West, Emily Stark, Stephen McGruer, chromium...@chromium.org

Yoshisato Yanagisawa voted Commit-Queue+2

Commit-Queue

+2

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Yoshisato Yanagisawa (Gerrit)

unread,

8:49 PM (2 hours ago) 8:49 PM

to Shunya Shishido, Chromium LUCI CQ, Elly FJ, Mike West, Emily Stark, Stephen McGruer, chromium...@chromium.org

Yoshisato Yanagisawa added 1 comment

Patchset-level comments

File-level comment, Patchset 1 (Latest):

Yoshisato Yanagisawa . resolved

For who visit this CL in the future,
note that the internal discussion has been done in https://groups.google.com/a/google.com/g/chrome-worker/c/ltBNBmM0NmA?e=48417069.

satisfied_requirement

open

diffy

Chromium LUCI CQ (Gerrit)

unread,

8:49 PM (2 hours ago) 8:49 PM

to Yoshisato Yanagisawa, Shunya Shishido, Elly FJ, Mike West, Emily Stark, Stephen McGruer, chromium...@chromium.org

Chromium LUCI CQ submitted the change

Change information

Commit message:

Clarify Service Worker lifetime for Payment Handlers in FAQ

The Service Worker Security FAQ currently states standard termination policies (e.g., 30-second idle timeout) but does not reflect the exception for Payment Handlers.

To address timeouts in payment flows longer than 5 minutes (an issue raised by partners like Google Pay), http://crrev.com/c/7226437 was implemented to keep a Payment Handler's Service Worker active as long as its payment window is open.

During the review of that CL, a concern was raised about potential abuse of this extended lifetime. The security team was consulted and concluded that this does not introduce a significant new attack surface. Their rationale was that the worker's activity is tied to a user-visible window, which users are unlikely to keep open indefinitely, making the risk negligible.

This CL updates the FAQ to make this exception and its security rationale explicit, aligning the documentation with the implemented and security-reviewed behavior.

Bug: 41438822

Change-Id: Id30ea79d77a8f928c4b91402ac2f3a58cf902937

Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7462029

Reviewed-by: Shunya Shishido <sisid...@chromium.org>

Commit-Queue: Yoshisato Yanagisawa <yyana...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#1568853}

Files:

M docs/security/service-worker-security-faq.md

Change size: XS

Delta: 1 file changed, 5 insertions(+), 0 deletions(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Shunya Shishido

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

Clarify Service Worker lifetime for Payment Handlers in FAQ [chromium/src : main]

Yoshisato Yanagisawa (Gerrit)

Yoshisato Yanagisawa added 1 comment

Related details

Yoshisato Yanagisawa (Gerrit)

Yoshisato Yanagisawa voted Commit-Queue+1

Related details

Shunya Shishido (Gerrit)

Shunya Shishido voted Code-Review+1

Related details

Yoshisato Yanagisawa (Gerrit)

Yoshisato Yanagisawa voted Commit-Queue+2

Related details

Yoshisato Yanagisawa (Gerrit)

Yoshisato Yanagisawa added 1 comment

Chromium LUCI CQ (Gerrit)

Chromium LUCI CQ submitted the change

Change information