Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Callback on every site accessing non-cookie storage #165

Open
amaliev opened this issue Jun 7, 2023 · 2 comments
Open

Callback on every site accessing non-cookie storage #165

amaliev opened this issue Jun 7, 2023 · 2 comments

Comments

@amaliev
Copy link

amaliev commented Jun 7, 2023

I'm trying to get a callback for every site that accesses any form of non-cookie storage. Which is the best algorithm to monkey patch from the Storage spec? I'm considering "obtain a storage key", but I'm not clear on the flow. Is this algorithm called once the first time an origin accesses local or session storage, and never before then? Also, could the browser run this algorithm for a non-site reason?

CC @inexorabletash @asutherland

@inexorabletash
Copy link
Member

(Apologies for a rambling reply; I'm feeling under the weather at the moment but this does raise good questions so I thought I'd weigh in.)

Integration of the actual storage endpoint API specs with Storage's bucket/bottle/etc model is very much a work in progress (at very low priority), and IMHO will likely require some tweaks to the Storage model. I believe the currently intended hook is defined in https://storage.spec.whatwg.org/#model and so you'd hook "obtain a storage bottle map".

But again, this is all very much spec fiction at the moment and I think it's fair to say (but I'm happy to be corrected!) that we haven't done the work to align the specs with reality or vice versa, so it's difficult to answer the "could the browser run this algorithm for a non-site reason?" question. For example, I think user-initiated clearing browsing data would count?

Non-storage APIs that need to follow the storage partitioning (e.g. BroadcastChannel, Web Locks, etc) also need a way to play here, and behind the scenes I assume the implementations use the storage keys, though that's not exported from Storage.

@mkruisselbrink
Copy link

Non-storage APIs that need to follow the storage partitioning (e.g. BroadcastChannel, Web Locks, etc) also need a way to play here, and behind the scenes I assume the implementations use the storage keys, though that's not exported from Storage.

For such APIs, the storage spec currently exports the "obtain a storage key for non-storage purposes" definition: https://storage.spec.whatwg.org/#obtain-a-storage-key-for-non-storage-purposes, which at least BroadcastChannel already uses in the spec.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

3 participants