explicit revoke and automatic expiry #7
Comments
|
Giving up storage access is of limited effectiveness, since the frame has already had a chance to read state by then, and could be storing it in a variable. Sure, it won't see new writes, but if all it wanted to do is read a unique ID, it won't be affected. Given all that, what is the use case for revocation? I'm also unsure about automatic expiration based on a timeout. I guess since there's a browser enforced maximum, this is intended as an action on behave of the user, but I'm not clear on the threat it protects against. |
michael-oneill
changed the title
|
Once storage access is revoked there will be no access to cookies or localStorage to embeds. Anything stored in javascript variables would only apply to the context which had storage access, but in subsequent contexts after expiry it is lost. |
|
Well, we don't have revocation APIs for other permissions. It's not immediately clear to me the site should have a say in that. (It also opens up new abuse vectors that would have to be thought through and closed, for instance.) |
|
If you mean by site the embed, then it does have a say - It is actively calling |
|
I'm going to close out this issue, as I think the discussion has run its course. Please let me know if we should re-open. |
There should be a way for embedded contexts to explicitly revoke their storage access if they no longer need it, along with a way to pass an expiry time parameter when they call
requestStorageAccess.The expiry time would be limited to a overall browser enforced maximum.
The text was updated successfully, but these errors were encountered: