Enable Document-Policy in Dedicated Workers [chromium/src : main]

0 views
Skip to first unread message

Monica Chintala (Gerrit)

unread,
Dec 17, 2025, 6:53:25 PM12/17/25
to Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
Attention needed from Liang Zhao

Monica Chintala added 1 comment

Patchset-level comments
File-level comment, Patchset 11 (Latest):
Monica Chintala . resolved

CYTAL when you get a chance?

Open in Gerrit

Related details

Attention is currently required from:
  • Liang Zhao
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I3be9702f0e682e9d4436e5b065d2922740f49e88
Gerrit-Change-Number: 7236250
Gerrit-PatchSet: 11
Gerrit-Owner: Monica Chintala <moni...@microsoft.com>
Gerrit-Reviewer: Liang Zhao <lz...@microsoft.com>
Gerrit-Reviewer: Monica Chintala <moni...@microsoft.com>
Gerrit-CC: Hiroki Nakagawa <nhi...@chromium.org>
Gerrit-CC: Hongchan Choi <hong...@chromium.org>
Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
Gerrit-CC: Nate Chapin <jap...@chromium.org>
Gerrit-CC: Xida Chen <xida...@chromium.org>
Gerrit-Attention: Liang Zhao <lz...@microsoft.com>
Gerrit-Comment-Date: Wed, 17 Dec 2025 23:53:15 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

Liang Zhao (Gerrit)

unread,
Dec 17, 2025, 7:46:21 PM12/17/25
to Monica Chintala, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
Attention needed from Monica Chintala

Liang Zhao added 2 comments

File third_party/blink/renderer/core/workers/dedicated_worker.cc
Line 470, Patchset 11 (Parent): std::move(referrer_policy),
Liang Zhao . unresolved

Why do we remove the `std::move`? And if we follow the existing pattern, we might actually want to also do std::move for the new document policy. Not that as this is passing parameter to a callback. Forwarding ownership is more reliable than passing reference to an object, which might be released when the callback is invoked.

File third_party/blink/renderer/core/workers/dedicated_worker_test.cc
Line 236, Patchset 11 (Latest):class DedicatedWorkerObjectProxyForTest final
Liang Zhao . unresolved

Not necessarily in this file, but can we add some test for the new code?

Open in Gerrit

Related details

Attention is currently required from:
  • Monica Chintala
Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement is not satisfiedCode-Owners
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I3be9702f0e682e9d4436e5b065d2922740f49e88
    Gerrit-Change-Number: 7236250
    Gerrit-PatchSet: 11
    Gerrit-Owner: Monica Chintala <moni...@microsoft.com>
    Gerrit-Reviewer: Liang Zhao <lz...@microsoft.com>
    Gerrit-Reviewer: Monica Chintala <moni...@microsoft.com>
    Gerrit-CC: Hiroki Nakagawa <nhi...@chromium.org>
    Gerrit-CC: Hongchan Choi <hong...@chromium.org>
    Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
    Gerrit-CC: Nate Chapin <jap...@chromium.org>
    Gerrit-CC: Xida Chen <xida...@chromium.org>
    Gerrit-Attention: Monica Chintala <moni...@microsoft.com>
    Gerrit-Comment-Date: Thu, 18 Dec 2025 00:46:12 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Monica Chintala (Gerrit)

    unread,
    Dec 18, 2025, 8:32:21 PM12/18/25
    to Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
    Attention needed from Liang Zhao

    Monica Chintala voted and added 2 comments

    Votes added by Monica Chintala

    Commit-Queue+1

    2 comments

    File third_party/blink/renderer/core/workers/dedicated_worker.cc
    Line 470, Patchset 11 (Parent): std::move(referrer_policy),
    Liang Zhao . resolved

    Why do we remove the `std::move`? And if we follow the existing pattern, we might actually want to also do std::move for the new document policy. Not that as this is passing parameter to a callback. Forwarding ownership is more reliable than passing reference to an object, which might be released when the callback is invoked.

    Monica Chintala

    That wasn't intentional. Also moved the document policy

    File third_party/blink/renderer/core/workers/dedicated_worker_test.cc
    Line 236, Patchset 11:class DedicatedWorkerObjectProxyForTest final
    Liang Zhao . resolved

    Not necessarily in this file, but can we add some test for the new code?

    Monica Chintala

    Done

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Liang Zhao
    Submit Requirements:
      • requirement satisfiedCode-Coverage
      • requirement is not satisfiedCode-Owners
      • requirement is not satisfiedCode-Review
      • requirement is not satisfiedReview-Enforcement
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: comment
      Gerrit-Project: chromium/src
      Gerrit-Branch: main
      Gerrit-Change-Id: I3be9702f0e682e9d4436e5b065d2922740f49e88
      Gerrit-Change-Number: 7236250
      Gerrit-PatchSet: 12
      Gerrit-Owner: Monica Chintala <moni...@microsoft.com>
      Gerrit-Reviewer: Liang Zhao <lz...@microsoft.com>
      Gerrit-Reviewer: Monica Chintala <moni...@microsoft.com>
      Gerrit-CC: Hiroki Nakagawa <nhi...@chromium.org>
      Gerrit-CC: Hongchan Choi <hong...@chromium.org>
      Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
      Gerrit-CC: Nate Chapin <jap...@chromium.org>
      Gerrit-CC: Xida Chen <xida...@chromium.org>
      Gerrit-Attention: Liang Zhao <lz...@microsoft.com>
      Gerrit-Comment-Date: Fri, 19 Dec 2025 01:32:10 +0000
      Gerrit-HasComments: Yes
      Gerrit-Has-Labels: Yes
      Comment-In-Reply-To: Liang Zhao <lz...@microsoft.com>
      satisfied_requirement
      unsatisfied_requirement
      open
      diffy

      Liang Zhao (Gerrit)

      unread,
      Dec 19, 2025, 3:02:04 PM12/19/25
      to Monica Chintala, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
      Attention needed from Monica Chintala

      Liang Zhao added 3 comments

      File third_party/blink/renderer/core/workers/dedicated_worker.cc
      Line 450, Patchset 12 (Latest): const DocumentPolicy::ParsedDocumentPolicy& response_document_policy,
      Liang Zhao . unresolved

      If we are using std::move, we probably should not use reference as parameter. The caller would not expect the parameter to be moved if the paramter is const reference.

      File third_party/blink/renderer/core/workers/global_scope_creation_params.cc
      Line 75, Patchset 12 (Latest): document_policy(document_policy),
      Liang Zhao . unresolved

      The referrer_policy is copied, but others are using std::move, which one is better?

      File third_party/blink/renderer/core/workers/worker_classic_script_loader.h
      Line 123, Patchset 12 (Latest): const DocumentPolicy::ParsedDocumentPolicy& GetDocumentPolicy() const {
      return document_policy_;
      }
      Liang Zhao . unresolved

      If we return reference, and the other code does a std::move on it, would it make the policy not valid anymore afterwards?

      Open in Gerrit

      Related details

      Attention is currently required from:
      • Monica Chintala
      Submit Requirements:
        • requirement satisfiedCode-Coverage
        • requirement is not satisfiedCode-Owners
        • requirement is not satisfiedCode-Review
        • requirement is not satisfiedNo-Unresolved-Comments
        • requirement is not satisfiedReview-Enforcement
        Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
        Gerrit-MessageType: comment
        Gerrit-Project: chromium/src
        Gerrit-Branch: main
        Gerrit-Change-Id: I3be9702f0e682e9d4436e5b065d2922740f49e88
        Gerrit-Change-Number: 7236250
        Gerrit-PatchSet: 12
        Gerrit-Owner: Monica Chintala <moni...@microsoft.com>
        Gerrit-Reviewer: Liang Zhao <lz...@microsoft.com>
        Gerrit-Reviewer: Monica Chintala <moni...@microsoft.com>
        Gerrit-CC: Hiroki Nakagawa <nhi...@chromium.org>
        Gerrit-CC: Hongchan Choi <hong...@chromium.org>
        Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
        Gerrit-CC: Nate Chapin <jap...@chromium.org>
        Gerrit-CC: Xida Chen <xida...@chromium.org>
        Gerrit-Attention: Monica Chintala <moni...@microsoft.com>
        Gerrit-Comment-Date: Fri, 19 Dec 2025 20:01:54 +0000
        Gerrit-HasComments: Yes
        Gerrit-Has-Labels: No
        satisfied_requirement
        unsatisfied_requirement
        open
        diffy

        Monica Chintala (Gerrit)

        unread,
        Dec 19, 2025, 6:43:23 PM12/19/25
        to Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
        Attention needed from Liang Zhao

        Monica Chintala added 3 comments

        File third_party/blink/renderer/core/workers/dedicated_worker.cc
        Line 450, Patchset 12: const DocumentPolicy::ParsedDocumentPolicy& response_document_policy,
        Liang Zhao . resolved

        If we are using std::move, we probably should not use reference as parameter. The caller would not expect the parameter to be moved if the paramter is const reference.

        Monica Chintala

        Done

        File third_party/blink/renderer/core/workers/global_scope_creation_params.cc
        Line 75, Patchset 12: document_policy(document_policy),
        Liang Zhao . resolved

        The referrer_policy is copied, but others are using std::move, which one is better?

        Monica Chintala

        Forwarding is better than passing a reference for DP. Removed the reference and moved where ever is necessary.

        File third_party/blink/renderer/core/workers/worker_classic_script_loader.h
        Line 123, Patchset 12: const DocumentPolicy::ParsedDocumentPolicy& GetDocumentPolicy() const {
        return document_policy_;
        }
        Liang Zhao . resolved

        If we return reference, and the other code does a std::move on it, would it make the policy not valid anymore afterwards?

        Monica Chintala

        Done

        Open in Gerrit

        Related details

        Attention is currently required from:
        • Liang Zhao
        Submit Requirements:
          • requirement satisfiedCode-Coverage
          • requirement is not satisfiedCode-Owners
          • requirement is not satisfiedCode-Review
          • requirement is not satisfiedReview-Enforcement
          Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
          Gerrit-MessageType: comment
          Gerrit-Project: chromium/src
          Gerrit-Branch: main
          Gerrit-Change-Id: I3be9702f0e682e9d4436e5b065d2922740f49e88
          Gerrit-Change-Number: 7236250
          Gerrit-PatchSet: 13
          Gerrit-Owner: Monica Chintala <moni...@microsoft.com>
          Gerrit-Reviewer: Liang Zhao <lz...@microsoft.com>
          Gerrit-Reviewer: Monica Chintala <moni...@microsoft.com>
          Gerrit-CC: Hiroki Nakagawa <nhi...@chromium.org>
          Gerrit-CC: Hongchan Choi <hong...@chromium.org>
          Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
          Gerrit-CC: Nate Chapin <jap...@chromium.org>
          Gerrit-CC: Xida Chen <xida...@chromium.org>
          Gerrit-Attention: Liang Zhao <lz...@microsoft.com>
          Gerrit-Comment-Date: Fri, 19 Dec 2025 23:43:10 +0000
          Gerrit-HasComments: Yes
          Gerrit-Has-Labels: No
          Comment-In-Reply-To: Liang Zhao <lz...@microsoft.com>
          satisfied_requirement
          unsatisfied_requirement
          open
          diffy

          Liang Zhao (Gerrit)

          unread,
          Dec 22, 2025, 12:58:11 PM12/22/25
          to Monica Chintala, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
          Attention needed from Monica Chintala

          Liang Zhao added 2 comments

          File third_party/blink/renderer/core/workers/dedicated_worker_global_scope.cc
          Line 297, Patchset 13 (Latest): security_init.ApplyDocumentPolicy(response_document_policy, String());
          Liang Zhao . unresolved

          This seems to be for report_only_document_policy_header. Are we ignoring report only policies, or there is a TODO to add that support?

          File third_party/blink/renderer/core/workers/worker_classic_script_loader.h
          Line 123, Patchset 13 (Latest): DocumentPolicy::ParsedDocumentPolicy GetDocumentPolicy() const {
          return document_policy_;
          }
          Liang Zhao . unresolved

          Just a note, with the current design, we are returning a copy of the policy every time this function is called, whether the caller needs a new copy or not. The previous version returns a reference, the caller could use it as a reference or assign the returned reference to a value if it want to use a copy of the value.
          It seems that the current caller needs a copy, so not much a difference.

          Open in Gerrit

          Related details

          Attention is currently required from:
          • Monica Chintala
          Submit Requirements:
            • requirement satisfiedCode-Coverage
            • requirement is not satisfiedCode-Owners
            • requirement is not satisfiedCode-Review
            • requirement is not satisfiedNo-Unresolved-Comments
            • requirement is not satisfiedReview-Enforcement
            Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
            Gerrit-MessageType: comment
            Gerrit-Project: chromium/src
            Gerrit-Branch: main
            Gerrit-Change-Id: I3be9702f0e682e9d4436e5b065d2922740f49e88
            Gerrit-Change-Number: 7236250
            Gerrit-PatchSet: 13
            Gerrit-Owner: Monica Chintala <moni...@microsoft.com>
            Gerrit-Reviewer: Liang Zhao <lz...@microsoft.com>
            Gerrit-Reviewer: Monica Chintala <moni...@microsoft.com>
            Gerrit-CC: Hiroki Nakagawa <nhi...@chromium.org>
            Gerrit-CC: Hongchan Choi <hong...@chromium.org>
            Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
            Gerrit-CC: Nate Chapin <jap...@chromium.org>
            Gerrit-CC: Xida Chen <xida...@chromium.org>
            Gerrit-Attention: Monica Chintala <moni...@microsoft.com>
            Gerrit-Comment-Date: Mon, 22 Dec 2025 17:57:57 +0000
            Gerrit-HasComments: Yes
            Gerrit-Has-Labels: No
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Monica Chintala (Gerrit)

            unread,
            Dec 23, 2025, 5:02:34 PM12/23/25
            to Luna Lu, Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Liang Zhao

            Monica Chintala added 2 comments

            File third_party/blink/renderer/core/workers/dedicated_worker_global_scope.cc
            Line 297, Patchset 13: security_init.ApplyDocumentPolicy(response_document_policy, String());
            Liang Zhao . unresolved

            This seems to be for report_only_document_policy_header. Are we ignoring report only policies, or there is a TODO to add that support?

            Monica Chintala

            Missed it, added the support now.

            Added a struct DocumentPolicyBundle that has DocumentPolicy and report only header value. Can you please take a look?

            File third_party/blink/renderer/core/workers/worker_classic_script_loader.h
            Line 123, Patchset 13: DocumentPolicy::ParsedDocumentPolicy GetDocumentPolicy() const {
            return document_policy_;
            }
            Liang Zhao . resolved

            Just a note, with the current design, we are returning a copy of the policy every time this function is called, whether the caller needs a new copy or not. The previous version returns a reference, the caller could use it as a reference or assign the returned reference to a value if it want to use a copy of the value.
            It seems that the current caller needs a copy, so not much a difference.

            Monica Chintala

            Got it, thanks muc!

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Liang Zhao
            Submit Requirements:
            • requirement satisfiedCode-Coverage
            • requirement is not satisfiedCode-Owners
            • requirement is not satisfiedCode-Review
            • requirement is not satisfiedNo-Unresolved-Comments
            • requirement is not satisfiedReview-Enforcement
            Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
            Gerrit-MessageType: comment
            Gerrit-Project: chromium/src
            Gerrit-Branch: main
            Gerrit-Change-Id: I3be9702f0e682e9d4436e5b065d2922740f49e88
            Gerrit-Change-Number: 7236250
            Gerrit-PatchSet: 16
            Gerrit-Owner: Monica Chintala <moni...@microsoft.com>
            Gerrit-Reviewer: Liang Zhao <lz...@microsoft.com>
            Gerrit-Reviewer: Monica Chintala <moni...@microsoft.com>
            Gerrit-CC: Hiroki Nakagawa <nhi...@chromium.org>
            Gerrit-CC: Hongchan Choi <hong...@chromium.org>
            Gerrit-CC: Luna Lu <loon...@chromium.org>
            Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
            Gerrit-CC: Nate Chapin <jap...@chromium.org>
            Gerrit-CC: Xida Chen <xida...@chromium.org>
            Gerrit-Attention: Liang Zhao <lz...@microsoft.com>
            Gerrit-Comment-Date: Tue, 23 Dec 2025 22:02:22 +0000
            Gerrit-HasComments: Yes
            Gerrit-Has-Labels: No
            Comment-In-Reply-To: Liang Zhao <lz...@microsoft.com>
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Liang Zhao (Gerrit)

            unread,
            Jan 7, 2026, 12:50:23 PMJan 7
            to Monica Chintala, Luna Lu, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Monica Chintala

            Liang Zhao added 2 comments

            Patchset-level comments
            File-level comment, Patchset 16 (Latest):
            Liang Zhao . unresolved

            I see that you have spec change prepared. We probably should also add WPT tests for the feature. Are we going to add those right after this CL?

            File third_party/blink/renderer/core/workers/dedicated_worker_global_scope.cc
            Line 297, Patchset 13: security_init.ApplyDocumentPolicy(response_document_policy, String());
            Liang Zhao . unresolved

            This seems to be for report_only_document_policy_header. Are we ignoring report only policies, or there is a TODO to add that support?

            Monica Chintala

            Missed it, added the support now.

            Added a struct DocumentPolicyBundle that has DocumentPolicy and report only header value. Can you please take a look?

            Liang Zhao

            The change seems OK to me. The owners might have different opinion.
            It seems odd that we don't have something for both DP and report only DP already.

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Monica Chintala
            Gerrit-Attention: Monica Chintala <moni...@microsoft.com>
            Gerrit-Comment-Date: Wed, 07 Jan 2026 17:50:11 +0000
            Gerrit-HasComments: Yes
            Gerrit-Has-Labels: No
            Comment-In-Reply-To: Liang Zhao <lz...@microsoft.com>
            Comment-In-Reply-To: Monica Chintala <moni...@microsoft.com>
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Monica Chintala (Gerrit)

            unread,
            Jan 10, 2026, 2:24:13 AMJan 10
            to Luna Lu, Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Liang Zhao

            Monica Chintala added 2 comments

            Patchset-level comments
            Liang Zhao . resolved

            I see that you have spec change prepared. We probably should also add WPT tests for the feature. Are we going to add those right after this CL?

            Monica Chintala
            File third_party/blink/renderer/core/workers/dedicated_worker_global_scope.cc
            Line 297, Patchset 13: security_init.ApplyDocumentPolicy(response_document_policy, String());
            Liang Zhao . unresolved

            This seems to be for report_only_document_policy_header. Are we ignoring report only policies, or there is a TODO to add that support?

            Monica Chintala

            Missed it, added the support now.

            Added a struct DocumentPolicyBundle that has DocumentPolicy and report only header value. Can you please take a look?

            Liang Zhao

            The change seems OK to me. The owners might have different opinion.
            It seems odd that we don't have something for both DP and report only DP already.

            Monica Chintala

            Thanks, I'll open the CL for further review from upstream folks.

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Liang Zhao
            Gerrit-Attention: Liang Zhao <lz...@microsoft.com>
            Gerrit-Comment-Date: Sat, 10 Jan 2026 07:24:04 +0000
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Monica Chintala (Gerrit)

            unread,
            Jan 10, 2026, 2:26:58 AMJan 10
            to Hiroshige Hayashizaki, Ian Clelland, Luna Lu, Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Hiroshige Hayashizaki, Ian Clelland and Liang Zhao

            Monica Chintala added 1 comment

            Patchset-level comments
            Monica Chintala . resolved

            CYPTAL, thanks!

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Hiroshige Hayashizaki
            • Ian Clelland
            • Liang Zhao
            Submit Requirements:
            • requirement satisfiedCode-Coverage
            • requirement is not satisfiedCode-Owners
            • requirement is not satisfiedCode-Review
            • requirement is not satisfiedNo-Unresolved-Comments
            • requirement is not satisfiedReview-Enforcement
            Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
            Gerrit-MessageType: comment
            Gerrit-Project: chromium/src
            Gerrit-Branch: main
            Gerrit-Change-Id: I3be9702f0e682e9d4436e5b065d2922740f49e88
            Gerrit-Change-Number: 7236250
            Gerrit-PatchSet: 16
            Gerrit-Owner: Monica Chintala <moni...@microsoft.com>
            Gerrit-Reviewer: Hiroshige Hayashizaki <hiro...@chromium.org>
            Gerrit-Reviewer: Ian Clelland <icle...@chromium.org>
            Gerrit-Reviewer: Liang Zhao <lz...@microsoft.com>
            Gerrit-Reviewer: Monica Chintala <moni...@microsoft.com>
            Gerrit-CC: Hiroki Nakagawa <nhi...@chromium.org>
            Gerrit-CC: Hongchan Choi <hong...@chromium.org>
            Gerrit-CC: Luna Lu <loon...@chromium.org>
            Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
            Gerrit-CC: Nate Chapin <jap...@chromium.org>
            Gerrit-CC: Xida Chen <xida...@chromium.org>
            Gerrit-Attention: Hiroshige Hayashizaki <hiro...@chromium.org>
            Gerrit-Attention: Ian Clelland <icle...@chromium.org>
            Gerrit-Attention: Liang Zhao <lz...@microsoft.com>
            Gerrit-Comment-Date: Sat, 10 Jan 2026 07:26:49 +0000
            Gerrit-HasComments: Yes
            Gerrit-Has-Labels: No
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Hiroshige Hayashizaki (Gerrit)

            unread,
            Jan 19, 2026, 3:44:27 PMJan 19
            to Monica Chintala, Ian Clelland, Luna Lu, Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Ian Clelland, Liang Zhao and Monica Chintala

            Hiroshige Hayashizaki added 4 comments

            Patchset-level comments
            Hiroshige Hayashizaki . unresolved

            Basically I'd like to wait for the spec PR to settle, i.e. https://github.com/whatwg/html/pull/12026, particularly annevk's input.

            Also, could you create a chromestatus entry for visibility? (You already have sufficient content, e.g. explainer, spec PR, etc.)
            See https://www.chromium.org/blink/launching-features/.
            Maybe we need some Intent-to-*, but I defer to relevant feature owners (Ian for Document Policy, Yoshisato for Workers).

            File third_party/blink/renderer/core/loader/modulescript/installed_service_worker_module_script_fetcher.cc
            Line 74, Patchset 16 (Latest): script_data->GetContentSecurityPolicyResponseHeaders()),
            Hiroshige Hayashizaki . unresolved

            `// TODO(crbug.com/450845903): Plumb Document Policy in Service Workers.`

            File third_party/blink/renderer/core/loader/modulescript/worker_module_script_fetcher.cc
            Line 198, Patchset 16 (Latest): DocumentPolicy::DocumentPolicyBundle{},
            Hiroshige Hayashizaki . unresolved

            We need a TODO comment for support module workers, and mention the lack of this support in the commit message.

            Are you planning implementing this in subsequent CLs before shipping this feature?

            File third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc
            Line 559, Patchset 16 (Latest): script_data->GetContentSecurityPolicyResponseHeaders()),
            Hiroshige Hayashizaki . unresolved

            `// TODO(crbug.com/450845903): Plumb Document Policy in Service Workers.`

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Ian Clelland
            • Liang Zhao
            • Monica Chintala
            Gerrit-Attention: Ian Clelland <icle...@chromium.org>
            Gerrit-Attention: Liang Zhao <lz...@microsoft.com>
            Gerrit-Attention: Monica Chintala <moni...@microsoft.com>
            Gerrit-Comment-Date: Mon, 19 Jan 2026 20:44:14 +0000
            Gerrit-HasComments: Yes
            Gerrit-Has-Labels: No
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Monica Chintala (Gerrit)

            unread,
            Jan 21, 2026, 5:52:23 PMJan 21
            to Yoshisato Yanagisawa, Hiroshige Hayashizaki, Ian Clelland, Luna Lu, Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Hiroshige Hayashizaki, Ian Clelland, Liang Zhao and Yoshisato Yanagisawa

            Monica Chintala voted and added 4 comments

            Votes added by Monica Chintala

            Commit-Queue+1

            4 comments

            Patchset-level comments
            Hiroshige Hayashizaki . unresolved

            Basically I'd like to wait for the spec PR to settle, i.e. https://github.com/whatwg/html/pull/12026, particularly annevk's input.

            Also, could you create a chromestatus entry for visibility? (You already have sufficient content, e.g. explainer, spec PR, etc.)
            See https://www.chromium.org/blink/launching-features/.
            Maybe we need some Intent-to-*, but I defer to relevant feature owners (Ian for Document Policy, Yoshisato for Workers).

            Monica Chintala

            Here is the chromestatus entry - https://chromestatus.com/feature/6242687411945472 for the DP in dedicated worker feature

            iclelland@ yyanagisawa@ Do we need intent to prototype as we already started impl work on this?

            File third_party/blink/renderer/core/loader/modulescript/installed_service_worker_module_script_fetcher.cc
            Line 74, Patchset 16: script_data->GetContentSecurityPolicyResponseHeaders()),
            Hiroshige Hayashizaki . resolved

            `// TODO(crbug.com/450845903): Plumb Document Policy in Service Workers.`

            Monica Chintala

            Done

            File third_party/blink/renderer/core/loader/modulescript/worker_module_script_fetcher.cc
            Line 198, Patchset 16: DocumentPolicy::DocumentPolicyBundle{},
            Hiroshige Hayashizaki . unresolved

            We need a TODO comment for support module workers, and mention the lack of this support in the commit message.

            Are you planning implementing this in subsequent CLs before shipping this feature?

            Monica Chintala

            Added a TODO (using the same crbug) to track Document Policy implementation across all worker types, including module workers.

            We plan to ship this per worker type, since some customers need the Dedicated Worker support immediately. So created the chromestatus entry accordingly. Let me know if this process works.

            If so, do I need to create separate crbugs for each of the worker impl instead of using one crbug.com/450845903

            File third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc
            Line 559, Patchset 16: script_data->GetContentSecurityPolicyResponseHeaders()),
            Hiroshige Hayashizaki . resolved

            `// TODO(crbug.com/450845903): Plumb Document Policy in Service Workers.`

            Monica Chintala

            Done

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Hiroshige Hayashizaki
            • Ian Clelland
            • Liang Zhao
            • Yoshisato Yanagisawa
            Submit Requirements:
            • requirement satisfiedCode-Coverage
            • requirement is not satisfiedCode-Owners
            • requirement is not satisfiedCode-Review
            • requirement is not satisfiedNo-Unresolved-Comments
            • requirement is not satisfiedReview-Enforcement
            Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
            Gerrit-MessageType: comment
            Gerrit-Project: chromium/src
            Gerrit-Branch: main
            Gerrit-Change-Id: I3be9702f0e682e9d4436e5b065d2922740f49e88
            Gerrit-Change-Number: 7236250
            Gerrit-PatchSet: 19
            Gerrit-Owner: Monica Chintala <moni...@microsoft.com>
            Gerrit-Reviewer: Hiroshige Hayashizaki <hiro...@chromium.org>
            Gerrit-Reviewer: Ian Clelland <icle...@chromium.org>
            Gerrit-Reviewer: Liang Zhao <lz...@microsoft.com>
            Gerrit-Reviewer: Monica Chintala <moni...@microsoft.com>
            Gerrit-Reviewer: Yoshisato Yanagisawa <yyana...@chromium.org>
            Gerrit-CC: Hiroki Nakagawa <nhi...@chromium.org>
            Gerrit-CC: Hongchan Choi <hong...@chromium.org>
            Gerrit-CC: Luna Lu <loon...@chromium.org>
            Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
            Gerrit-CC: Nate Chapin <jap...@chromium.org>
            Gerrit-CC: Xida Chen <xida...@chromium.org>
            Gerrit-Attention: Hiroshige Hayashizaki <hiro...@chromium.org>
            Gerrit-Attention: Ian Clelland <icle...@chromium.org>
            Gerrit-Attention: Liang Zhao <lz...@microsoft.com>
            Gerrit-Attention: Yoshisato Yanagisawa <yyana...@chromium.org>
            Gerrit-Comment-Date: Wed, 21 Jan 2026 22:52:14 +0000
            Gerrit-HasComments: Yes
            Gerrit-Has-Labels: Yes
            Comment-In-Reply-To: Hiroshige Hayashizaki <hiro...@chromium.org>
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Yoshisato Yanagisawa (Gerrit)

            unread,
            Jan 21, 2026, 11:05:16 PMJan 21
            to Monica Chintala, Hiroshige Hayashizaki, Ian Clelland, Luna Lu, Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Hiroshige Hayashizaki, Ian Clelland, Liang Zhao and Monica Chintala

            Yoshisato Yanagisawa added 1 comment

            Patchset-level comments
            Hiroshige Hayashizaki . unresolved

            Basically I'd like to wait for the spec PR to settle, i.e. https://github.com/whatwg/html/pull/12026, particularly annevk's input.

            Also, could you create a chromestatus entry for visibility? (You already have sufficient content, e.g. explainer, spec PR, etc.)
            See https://www.chromium.org/blink/launching-features/.
            Maybe we need some Intent-to-*, but I defer to relevant feature owners (Ian for Document Policy, Yoshisato for Workers).

            Monica Chintala

            Here is the chromestatus entry - https://chromestatus.com/feature/6242687411945472 for the DP in dedicated worker feature

            iclelland@ yyanagisawa@ Do we need intent to prototype as we already started impl work on this?

            Yoshisato Yanagisawa

            Yes, I suggest to send Intent to Prototype to gather attentions from web developers and Chromium developers if possible. I would like to know others' thought on this Document-Policy inheritance.

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Hiroshige Hayashizaki
            • Ian Clelland
            • Liang Zhao
            • Monica Chintala
            Gerrit-Attention: Monica Chintala <moni...@microsoft.com>
            Gerrit-Comment-Date: Thu, 22 Jan 2026 04:04:40 +0000
            Gerrit-HasComments: Yes
            Gerrit-Has-Labels: No
            Comment-In-Reply-To: Hiroshige Hayashizaki <hiro...@chromium.org>
            Comment-In-Reply-To: Monica Chintala <moni...@microsoft.com>
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Monica Chintala (Gerrit)

            unread,
            Feb 5, 2026, 12:20:42 AMFeb 5
            to Yoshisato Yanagisawa, Hiroshige Hayashizaki, Ian Clelland, Luna Lu, Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Hiroshige Hayashizaki, Ian Clelland, Liang Zhao and Yoshisato Yanagisawa

            Monica Chintala added 1 comment

            Patchset-level comments
            Hiroshige Hayashizaki . unresolved

            Basically I'd like to wait for the spec PR to settle, i.e. https://github.com/whatwg/html/pull/12026, particularly annevk's input.

            Also, could you create a chromestatus entry for visibility? (You already have sufficient content, e.g. explainer, spec PR, etc.)
            See https://www.chromium.org/blink/launching-features/.
            Maybe we need some Intent-to-*, but I defer to relevant feature owners (Ian for Document Policy, Yoshisato for Workers).

            Monica Chintala

            Here is the chromestatus entry - https://chromestatus.com/feature/6242687411945472 for the DP in dedicated worker feature

            iclelland@ yyanagisawa@ Do we need intent to prototype as we already started impl work on this?

            Yoshisato Yanagisawa

            Yes, I suggest to send Intent to Prototype to gather attentions from web developers and Chromium developers if possible. I would like to know others' thought on this Document-Policy inheritance.

            Monica Chintala

            Created I2P - https://groups.google.com/a/chromium.org/g/blink-dev/c/l-3DhX_uCco/m/Q3ZGgqg-AQAJ

            hiroshige@ iclelland@ yyanagisawa@ I’m still waiting to hear folk's thoughts on linking the DP WICG resources from HTML. So far, there doesn’t seem to be strong opposition to inheriting Document Policy via the Policy Container.
            If the CL here looks okay, what do you think about getting this merged?

            My current thinking is:

            • If the HTML changes are acceptable without requiring significant changes to the WG, we can proceed as-is.
            • If linking to WICG content from HTML isn’t acceptable unless DP moves to a WG, then we can instead look at adding worker inheritance semantics directly to the Document Policy spec.
            Open in Gerrit

            Related details

            Attention is currently required from:
            • Hiroshige Hayashizaki
            • Ian Clelland
            • Liang Zhao
            • Yoshisato Yanagisawa
            Submit Requirements:
            • requirement satisfiedCode-Coverage
            • requirement is not satisfiedCode-Owners
            • requirement is not satisfiedCode-Review
            • requirement is not satisfiedNo-Unresolved-Comments
            • requirement is not satisfiedReview-Enforcement
            Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
            Gerrit-MessageType: comment
            Gerrit-Project: chromium/src
            Gerrit-Branch: main
            Gerrit-Change-Id: I3be9702f0e682e9d4436e5b065d2922740f49e88
            Gerrit-Change-Number: 7236250
            Gerrit-PatchSet: 21
            Gerrit-Owner: Monica Chintala <moni...@microsoft.com>
            Gerrit-Reviewer: Hiroshige Hayashizaki <hiro...@chromium.org>
            Gerrit-Reviewer: Ian Clelland <icle...@chromium.org>
            Gerrit-Reviewer: Liang Zhao <lz...@microsoft.com>
            Gerrit-Reviewer: Monica Chintala <moni...@microsoft.com>
            Gerrit-Reviewer: Yoshisato Yanagisawa <yyana...@chromium.org>
            Gerrit-CC: Hiroki Nakagawa <nhi...@chromium.org>
            Gerrit-CC: Hongchan Choi <hong...@chromium.org>
            Gerrit-CC: Luna Lu <loon...@chromium.org>
            Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
            Gerrit-CC: Nate Chapin <jap...@chromium.org>
            Gerrit-CC: Xida Chen <xida...@chromium.org>
            Gerrit-Attention: Hiroshige Hayashizaki <hiro...@chromium.org>
            Gerrit-Attention: Ian Clelland <icle...@chromium.org>
            Gerrit-Attention: Liang Zhao <lz...@microsoft.com>
            Gerrit-Attention: Yoshisato Yanagisawa <yyana...@chromium.org>
            Gerrit-Comment-Date: Thu, 05 Feb 2026 05:20:25 +0000
            Gerrit-HasComments: Yes
            Gerrit-Has-Labels: No
            Comment-In-Reply-To: Hiroshige Hayashizaki <hiro...@chromium.org>
            Comment-In-Reply-To: Monica Chintala <moni...@microsoft.com>
            Comment-In-Reply-To: Yoshisato Yanagisawa <yyana...@chromium.org>
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Yoshisato Yanagisawa (Gerrit)

            unread,
            Feb 5, 2026, 4:21:02 AMFeb 5
            to Monica Chintala, Hiroshige Hayashizaki, Ian Clelland, Luna Lu, Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Hiroshige Hayashizaki, Ian Clelland, Liang Zhao and Monica Chintala

            Yoshisato Yanagisawa added 2 comments

            Patchset-level comments
            Hiroshige Hayashizaki . unresolved

            Basically I'd like to wait for the spec PR to settle, i.e. https://github.com/whatwg/html/pull/12026, particularly annevk's input.

            Also, could you create a chromestatus entry for visibility? (You already have sufficient content, e.g. explainer, spec PR, etc.)
            See https://www.chromium.org/blink/launching-features/.
            Maybe we need some Intent-to-*, but I defer to relevant feature owners (Ian for Document Policy, Yoshisato for Workers).

            Monica Chintala

            Here is the chromestatus entry - https://chromestatus.com/feature/6242687411945472 for the DP in dedicated worker feature

            iclelland@ yyanagisawa@ Do we need intent to prototype as we already started impl work on this?

            Yoshisato Yanagisawa

            Yes, I suggest to send Intent to Prototype to gather attentions from web developers and Chromium developers if possible. I would like to know others' thought on this Document-Policy inheritance.

            Monica Chintala

            Created I2P - https://groups.google.com/a/chromium.org/g/blink-dev/c/l-3DhX_uCco/m/Q3ZGgqg-AQAJ

            hiroshige@ iclelland@ yyanagisawa@ I’m still waiting to hear folk's thoughts on linking the DP WICG resources from HTML. So far, there doesn’t seem to be strong opposition to inheriting Document Policy via the Policy Container.
            If the CL here looks okay, what do you think about getting this merged?

            My current thinking is:

            • If the HTML changes are acceptable without requiring significant changes to the WG, we can proceed as-is.
            • If linking to WICG content from HTML isn’t acceptable unless DP moves to a WG, then we can instead look at adding worker inheritance semantics directly to the Document Policy spec.
            Yoshisato Yanagisawa

            Thank you for the I2P.
            I expect we go through the procedure (https://www.chromium.org/blink/launching-features/#new-feature-process). Also, please ensure the feature kill switch works.
            Looks good to me other than them. I would like to listen to other reviewers thought.

            File third_party/blink/renderer/core/workers/worker_classic_script_loader.cc
            Line 377, Patchset 21 (Latest): !response.CurrentRequestUrl().ProtocolIs("filesystem")) {
            Yoshisato Yanagisawa . unresolved

            Don't we need the flag check either of setting or returning?

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Hiroshige Hayashizaki
            • Ian Clelland
            • Liang Zhao
            • Monica Chintala
            Gerrit-Attention: Monica Chintala <moni...@microsoft.com>
            Gerrit-Comment-Date: Thu, 05 Feb 2026 09:20:32 +0000
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Monica Chintala (Gerrit)

            unread,
            Feb 6, 2026, 5:30:49 PM (14 days ago) Feb 6
            to Yoshisato Yanagisawa, Hiroshige Hayashizaki, Ian Clelland, Luna Lu, Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Hiroshige Hayashizaki, Ian Clelland, Liang Zhao and Yoshisato Yanagisawa

            Monica Chintala added 2 comments

            Patchset-level comments
            Hiroshige Hayashizaki . unresolved

            Basically I'd like to wait for the spec PR to settle, i.e. https://github.com/whatwg/html/pull/12026, particularly annevk's input.

            Also, could you create a chromestatus entry for visibility? (You already have sufficient content, e.g. explainer, spec PR, etc.)
            See https://www.chromium.org/blink/launching-features/.
            Maybe we need some Intent-to-*, but I defer to relevant feature owners (Ian for Document Policy, Yoshisato for Workers).

            Monica Chintala

            Here is the chromestatus entry - https://chromestatus.com/feature/6242687411945472 for the DP in dedicated worker feature

            iclelland@ yyanagisawa@ Do we need intent to prototype as we already started impl work on this?

            Yoshisato Yanagisawa

            Yes, I suggest to send Intent to Prototype to gather attentions from web developers and Chromium developers if possible. I would like to know others' thought on this Document-Policy inheritance.

            Monica Chintala

            Created I2P - https://groups.google.com/a/chromium.org/g/blink-dev/c/l-3DhX_uCco/m/Q3ZGgqg-AQAJ

            hiroshige@ iclelland@ yyanagisawa@ I’m still waiting to hear folk's thoughts on linking the DP WICG resources from HTML. So far, there doesn’t seem to be strong opposition to inheriting Document Policy via the Policy Container.
            If the CL here looks okay, what do you think about getting this merged?

            My current thinking is:

            • If the HTML changes are acceptable without requiring significant changes to the WG, we can proceed as-is.
            • If linking to WICG content from HTML isn’t acceptable unless DP moves to a WG, then we can instead look at adding worker inheritance semantics directly to the Document Policy spec.
            Yoshisato Yanagisawa

            Thank you for the I2P.
            I expect we go through the procedure (https://www.chromium.org/blink/launching-features/#new-feature-process). Also, please ensure the feature kill switch works.
            Looks good to me other than them. I would like to listen to other reviewers thought.

            Monica Chintala

            For DP testing when feature is on, I've added a wpt test in the following CL https://chromium-review.googlesource.com/c/chromium/src/+/7546208/10/third_party/blink/web_tests/external/wpt/js-self-profiling/with-document-policy/dedicated-worker.https.html that checks DP exists and working! Do you think it will be sufficient?

            From the https://www.chromium.org/blink/launching-features/#new-feature-process, most of the things are done/in-progess

            1. Explainer
            2. I2P and Chromestatus
            3. Spec changes PR is open and under review
            3. Feature is behind a flag

            Are there any other things that I am missing other than spec PR which hasn't approved/merged. But yes, I'll wait to hear from other folks.

            File third_party/blink/renderer/core/workers/worker_classic_script_loader.cc
            Line 377, Patchset 21: !response.CurrentRequestUrl().ProtocolIs("filesystem")) {
            Yoshisato Yanagisawa . resolved

            Don't we need the flag check either of setting or returning?

            Monica Chintala

            Guarded with feature flag when we set the DP in dedicated worker global scope and also here in script parsing

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Hiroshige Hayashizaki
            • Ian Clelland
            • Liang Zhao
            • Yoshisato Yanagisawa
            Submit Requirements:
            • requirement satisfiedCode-Coverage
            • requirement is not satisfiedCode-Owners
            • requirement is not satisfiedCode-Review
            • requirement is not satisfiedNo-Unresolved-Comments
            • requirement is not satisfiedReview-Enforcement
            Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
            Gerrit-MessageType: comment
            Gerrit-Project: chromium/src
            Gerrit-Branch: main
            Gerrit-Change-Id: I3be9702f0e682e9d4436e5b065d2922740f49e88
            Gerrit-Change-Number: 7236250
            Gerrit-PatchSet: 22
            Gerrit-Owner: Monica Chintala <moni...@microsoft.com>
            Gerrit-Reviewer: Hiroshige Hayashizaki <hiro...@chromium.org>
            Gerrit-Reviewer: Ian Clelland <icle...@chromium.org>
            Gerrit-Reviewer: Liang Zhao <lz...@microsoft.com>
            Gerrit-Reviewer: Monica Chintala <moni...@microsoft.com>
            Gerrit-Reviewer: Yoshisato Yanagisawa <yyana...@chromium.org>
            Gerrit-CC: Hiroki Nakagawa <nhi...@chromium.org>
            Gerrit-CC: Hongchan Choi <hong...@chromium.org>
            Gerrit-CC: Luna Lu <loon...@chromium.org>
            Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
            Gerrit-CC: Nate Chapin <jap...@chromium.org>
            Gerrit-CC: Xida Chen <xida...@chromium.org>
            Gerrit-Attention: Hiroshige Hayashizaki <hiro...@chromium.org>
            Gerrit-Attention: Ian Clelland <icle...@chromium.org>
            Gerrit-Attention: Liang Zhao <lz...@microsoft.com>
            Gerrit-Attention: Yoshisato Yanagisawa <yyana...@chromium.org>
            Gerrit-Comment-Date: Fri, 06 Feb 2026 22:30:40 +0000
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Yoshisato Yanagisawa (Gerrit)

            unread,
            Feb 12, 2026, 4:17:56 AM (8 days ago) Feb 12
            to Monica Chintala, Hiroshige Hayashizaki, Ian Clelland, Luna Lu, Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Hiroshige Hayashizaki, Ian Clelland, Liang Zhao and Monica Chintala

            Yoshisato Yanagisawa added 1 comment

            Patchset-level comments
            Yoshisato Yanagisawa

            I took a look at the linked WPT, and felt it does not cover all cases for Dedicated Workers described in the explainer and the spec PR. To ensure the implementation follows the 'Response Headers as Authoritative' model and the defined inheritance rules, I believe the following three cases should be verified:

            1. **Network script with `Document-Policy header`**: The effective policy is derived from the response header. (Currently covered by crrev.com/c/7546208)

            2. **Network script without `Document-Policy` header**: The effective policy should be the default (i.e. disabled), even if the creator document has the policy enabled. This is crucial to verify that no unintentional inheritance occurs for network workers.

            3. **Local scheme script (`blob:`, `data:`)**: The policy should be inherited from the creator document. It is written as TODO of this CL, but it would be good to have a test case (even if it's currently failing/expecting default) to track its implementation.

            Currently, the WPT seems to only focus on Case 1. You may need to implement Case 2 and Case 3 in addition.

            For the feature process, I do not come up with anything else. If I have to add, maybe having the test to ensure that the kill switch actually works.

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Hiroshige Hayashizaki
            • Ian Clelland
            • Liang Zhao
            • Monica Chintala
            Gerrit-Attention: Monica Chintala <moni...@microsoft.com>
            Gerrit-Comment-Date: Thu, 12 Feb 2026 09:17:23 +0000
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Monica Chintala (Gerrit)

            unread,
            Feb 18, 2026, 12:05:25 PM (2 days ago) Feb 18
            to Yoshisato Yanagisawa, Hiroshige Hayashizaki, Ian Clelland, Luna Lu, Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, blink-revi...@chromium.org, blink-...@chromium.org, blink-work...@chromium.org, dom+...@chromium.org, gavinp...@chromium.org, hiroshig...@chromium.org, horo+...@chromium.org, jmedle...@chromium.org, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Hiroshige Hayashizaki, Ian Clelland, Liang Zhao and Yoshisato Yanagisawa

            Monica Chintala added 1 comment

            Patchset-level comments
            Monica Chintala

            yyanagisawa@ Thanks for taking a look. I added tests for other cases in the next CL. Does this look good now?

            In the current CL I updated DedicatedWorkerDocumentPolicyTest.DocumentPolicyInDedicatedWorker test to verify when DP works when feature enabled/disabled (also ensures kill switch works)

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Hiroshige Hayashizaki
            • Ian Clelland
            • Liang Zhao
            • Yoshisato Yanagisawa
            Submit Requirements:
            • requirement satisfiedCode-Coverage
            • requirement is not satisfiedCode-Owners
            • requirement is not satisfiedCode-Review
            • requirement is not satisfiedNo-Unresolved-Comments
            • requirement is not satisfiedReview-Enforcement
            Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
            Gerrit-MessageType: comment
            Gerrit-Project: chromium/src
            Gerrit-Branch: main
            Gerrit-Change-Id: I3be9702f0e682e9d4436e5b065d2922740f49e88
            Gerrit-Change-Number: 7236250
            Gerrit-PatchSet: 24
            Gerrit-Owner: Monica Chintala <moni...@microsoft.com>
            Gerrit-Reviewer: Hiroshige Hayashizaki <hiro...@chromium.org>
            Gerrit-Reviewer: Ian Clelland <icle...@chromium.org>
            Gerrit-Reviewer: Liang Zhao <lz...@microsoft.com>
            Gerrit-Reviewer: Monica Chintala <moni...@microsoft.com>
            Gerrit-Reviewer: Yoshisato Yanagisawa <yyana...@chromium.org>
            Gerrit-CC: Hiroki Nakagawa <nhi...@chromium.org>
            Gerrit-CC: Hongchan Choi <hong...@chromium.org>
            Gerrit-CC: Luna Lu <loon...@chromium.org>
            Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
            Gerrit-CC: Nate Chapin <jap...@chromium.org>
            Gerrit-CC: Xida Chen <xida...@chromium.org>
            Gerrit-Attention: Hiroshige Hayashizaki <hiro...@chromium.org>
            Gerrit-Attention: Ian Clelland <icle...@chromium.org>
            Gerrit-Attention: Liang Zhao <lz...@microsoft.com>
            Gerrit-Attention: Yoshisato Yanagisawa <yyana...@chromium.org>
            Gerrit-Comment-Date: Wed, 18 Feb 2026 17:05:14 +0000
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Yoshisato Yanagisawa (Gerrit)

            unread,
            Feb 19, 2026, 4:57:37 AM (yesterday) Feb 19
            to Monica Chintala, Hiroshige Hayashizaki, Ian Clelland, Luna Lu, Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, blink-revi...@chromium.org, blink-...@chromium.org, blink-work...@chromium.org, dom+...@chromium.org, gavinp...@chromium.org, hiroshig...@chromium.org, horo+...@chromium.org, jmedle...@chromium.org, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Hiroshige Hayashizaki, Ian Clelland, Liang Zhao and Monica Chintala

            Yoshisato Yanagisawa voted and added 1 comment

            Votes added by Yoshisato Yanagisawa

            Code-Review+1

            1 comment

            Patchset-level comments
            Yoshisato Yanagisawa

            yes.
            lgtm.

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Hiroshige Hayashizaki
            • Ian Clelland
            • Liang Zhao
            • Monica Chintala
            Gerrit-Attention: Monica Chintala <moni...@microsoft.com>
            Gerrit-Comment-Date: Thu, 19 Feb 2026 09:57:04 +0000
            Gerrit-HasComments: Yes
            Gerrit-Has-Labels: Yes
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Monica Chintala (Gerrit)

            unread,
            Feb 19, 2026, 7:04:47 PM (17 hours ago) Feb 19
            to Yoshisato Yanagisawa, Hiroshige Hayashizaki, Ian Clelland, Luna Lu, Liang Zhao, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, Hongchan Choi, Nate Chapin, Hiroki Nakagawa, Xida Chen, blink-revi...@chromium.org, blink-...@chromium.org, blink-work...@chromium.org, dom+...@chromium.org, gavinp...@chromium.org, hiroshig...@chromium.org, horo+...@chromium.org, jmedle...@chromium.org, iclella...@chromium.org, edg...@microsoft.com, blink-re...@chromium.org, kinuko...@chromium.org, speed-metrics...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, kouhei...@chromium.org, loading...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, shimazu...@chromium.org, zol...@webkit.org
            Attention needed from Hiroshige Hayashizaki, Ian Clelland, Liang Zhao and Yoshisato Yanagisawa

            Monica Chintala added 1 comment

            Patchset-level comments
            Monica Chintala

            hiroshige@ iclelland@ The feature is behind a flag and will not be enabled by default until the spec merge. Can I get your votes on landing this prototype CL if it looks good?

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Hiroshige Hayashizaki
            • Ian Clelland
            • Liang Zhao
            • Yoshisato Yanagisawa
            Gerrit-Attention: Yoshisato Yanagisawa <yyana...@chromium.org>
            Gerrit-Comment-Date: Fri, 20 Feb 2026 00:04:39 +0000
            Gerrit-HasComments: Yes
            Gerrit-Has-Labels: No
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy
            Reply all
            Reply to author
            Forward
            0 new messages