-
Notifications
You must be signed in to change notification settings - Fork 168
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[audioworklet] Enforcing SecureContext on audioWorklet.addModule() #1436
Comments
We're closing since we've discussed and it falls to Worklet to decide how this goes... our spec doesn't have to change, |
Houdini WG issue: w3c/css-houdini-drafts#505 |
I think this should be reopened since it does directly affect your specification. E.g., we shold not expose |
@annevk Is there a clear writeup of what paint worklets are doing re: this issue? It'd be easier than reverse engineering the intent from Chromium diffs. My guess is that we add Reopening to make sure we track this. |
From https://groups.google.com/a/chromium.org/d/msg/blink-dev/Jex3idOld48/VeOxMUNDBAAJ:
I can state that this also goes for Mozilla. |
(You didn't hit reopen btw.) |
@annevk Now we have @joeberkovitz We can add this change to PR #1445 since it's really tiny. |
The accessor for the worklet itself should have the extended attribute too. Otherwise, what's the processing model for the getter of that accessor in insecure contexts? |
I see. Just to confirm: is this correct?
|
Yes, that looks correct to me. EDIT: Take that with a grain of salt... the spec doesn't currently have an |
... although perhaps |
Hmm. Perhaps. The error message will suggests something like "the definition is not registered in AudioWorklet". Referring an object that's not instantiable sounds a bit off. |
Sorry, revising my comment above, it should be: partial interface Window {
[SameObject, SecureContext]
readonly attribute Worklet audioWorklet;
}; No need to add anything to |
Oh, we're moving Thread: #1435 |
Thanks for clarifying!. :) Then yeah, as you wrote above. But if you're really specing it as a partial then this would be preferred: [SecureContext]
partial interface BaseAudioContext {
readonly attribute AudioWorklet audioWorklet;
} ... to imply that the partial is not applied in non-secure contexts. If you just used |
Agreed. IMHO, the API surface should make sense in each type of context. Having a type exposed in a non-secure context which can't possibly be used there seems weird. |
Yes. That was my intention.
Okay, I will raise the issue in the meeting soon. Adding |
I have made these changes in #1445. Reopening this bug and connecting to that PR as the fix. |
I don't think we have a broader consensus on this, but it might be worth to discuss it in our WG. Here are related issues from TAG and CSS Houdini TF:
w3ctag/design-principles#75
w3c/css-houdini-drafts#379
In short, the argument is that HTTPS should be enforced on
audioWorklet.addModule()
.I generally agree with this idea because running JS code on the higher priority thread (audio rendering thread) should take extra caution. We might want to see this as a feature rather than a restriction.
In terms of the spec work, this work needs to be done in the Worklet - not in its variants (Paint/Audio/Animation...). However, if we find a potential issue on it we want to raise a flag before it's too late.
The text was updated successfully, but these errors were encountered: