Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove Shared Storage monkey patches #160

Merged
merged 2 commits into from
Sep 27, 2024
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
274 changes: 11 additions & 263 deletions spec.bs
Original file line number Diff line number Diff line change
Expand Up @@ -292,6 +292,17 @@ Note: A later algorithm [=asserts=] that, for any [=contribution cache entry=]
before the [=process contributions for a batching scope=] steps are
performed given the entry's [=contribution cache entry/batching scope=].

APIs exposing Private Aggregation {#apis-exposing-private-aggregation}
----------------------------------------------------------------------

<em>This section is non-normative.</em>

This API is currently exposed in global scopes defined in two specifications:
1. <a href="https://wicg.github.io/shared-storage/">Shared Storage</a>'s and
1. <a href="https://wicg.github.io/turtledove/">Protected Audience</a>'s (via
alexmturner marked this conversation as resolved.
Show resolved Hide resolved
the <a href="#protected-audience-api-monkey-patches">monkey patches</a>
below).

Structures {#structures}
========================

Expand Down Expand Up @@ -1185,269 +1196,6 @@ Note: Without this, [=aggregatable reports=] would be subject to delays, making

</div>

Shared Storage API monkey patches {#shared-storage-api-monkey-patches}
======================================================================

Issue(43): This should be moved to the Shared Storage spec.

Issue: Go through all monkey patches and ensure every definition (including)
structures that is needed is exported.

<xmp class="idl">
partial interface SharedStorageWorkletGlobalScope {
readonly attribute PrivateAggregation privateAggregation;
};

dictionary SharedStoragePrivateAggregationConfig {
USVString aggregationCoordinatorOrigin;
USVString contextId;
[EnforceRange] unsigned long long filteringIdMaxBytes;
};

partial dictionary SharedStorageRunOperationMethodOptions {
SharedStoragePrivateAggregationConfig privateAggregationConfig;
};
</xmp>

The {{SharedStorageWorkletGlobalScope/privateAggregation}} [=getter steps=] are
to [=get the privateAggregation=] given [=this=].

Add the following algorithm in the subsection
"<a href="https://wicg.github.io/shared-storage/#run-op-shared-storage">Run
Operation Methods on `SharedStorage`</a>":

<div algorithm>
To <dfn>obtain the aggregation coordinator</dfn> given a
{{SharedStorageRunOperationMethodOptions}} |options|, perform the following
steps. They return an [=aggregation coordinator=], null or a {{DOMException}}:

1. If
|options|["{{SharedStorageRunOperationMethodOptions/privateAggregationConfig}}"]
does not [=map/exist=], return null.
1. If
|options|["{{SharedStorageRunOperationMethodOptions/privateAggregationConfig}}"]["{{SharedStoragePrivateAggregationConfig/aggregationCoordinatorOrigin}}"]
does not [=map/exist=], return null.
1. Let |url| be the result of running the [=URL parser=] on
|options|["{{SharedStorageRunOperationMethodOptions/privateAggregationConfig}}"]["{{SharedStoragePrivateAggregationConfig/aggregationCoordinatorOrigin}}"].
1. If |url| is failure or null, return a new {{DOMException}} with name
"`SyntaxError`".

Issue: Consider throwing an error if the path is not empty.
1. Let |origin| be |url|'s [=url/origin=].
1. If the result of [=determining if an origin is an aggregation coordinator=]
given |origin| is false, return a new {{DOMException}} with name
"`DataError`".
1. Return |origin|.

</div>

<div algorithm>
To <dfn>obtain the pre-specified report parameters</dfn> given a
{{SharedStorageRunOperationMethodOptions}} |options| and a [=browsing context=]
|context|, perform the following steps. They return a [=pre-specified report
parameters=], null, or a {{DOMException}}:
1. If |options|["{{SharedStorageRunOperationMethodOptions/privateAggregationConfig}}"]
does not [=map/exist=], return null.
1. Let |privateAggregationConfig| be
|options|["{{SharedStorageRunOperationMethodOptions/privateAggregationConfig}}"].
1. Let |contextId| be null.
1. If |privateAggregationConfig|["{{SharedStoragePrivateAggregationConfig/contextId}}"]
[=map/exists=], set |contextId| to
|privateAggregationConfig|["{{SharedStoragePrivateAggregationConfig/contextId}}"].
1. If |contextId|'s [=string/length=] is greater than 64, return a new
{{DOMException}} with name "`DataError`".
1. Let |filteringIdMaxBytes| be the [=default filtering ID max bytes=].
1. If |privateAggregationConfig|["{{SharedStoragePrivateAggregationConfig/filteringIdMaxBytes}}"]
[=map/exists=], set |filteringIdMaxBytes| to
|privateAggregationConfig|["{{SharedStoragePrivateAggregationConfig/filteringIdMaxBytes}}"].
1. If |filteringIdMaxBytes| is not [=set/contained=] in the [=valid filtering ID
max bytes range=], return a new {{DOMException}} with name "`DataError`".
1. If |context|'s [=browsing context/fenced frame config instance=] is not null:
1. If |filteringIdMaxBytes| is not the [=default filtering ID max bytes=] or
|contextId| is not null, return a new {{DOMException}} with name
"`DataError`".
1. Return a new [=pre-specified report parameters=] with the items:
: [=pre-specified report parameters/context ID=]
:: |contextId|
: [=pre-specified report parameters/filtering ID max bytes=]
:: |filteringIdMaxBytes|

</div>

The {{SharedStorageWorklet}}'s {{SharedStorageWorklet/run()}} method steps are
modified in four ways. First, add the following steps just after step 4
("[=Assert=]: <var ignore>window</var> is a [=Window=]"), renumbering later
steps as appropriate:
<div algorithm="shared-storage-run-monkey-patch-1">
5. Let |context| be <var ignore>window</var>'s [=Window/browsing context=].
1. If |context| is null, then return [=a promise rejected with=] a
{{TypeError}}.
1. Let |preSpecifiedParams| be the result of [=obtaining the pre-specified
report parameters=] given |options| and |context|.
1. If |preSpecifiedParams| is a {{DOMException}}, return [=a promise rejected
with=] |preSpecifiedParams|.
1. Let |aggregationCoordinator| be the result of [=obtaining the aggregation
coordinator=] given |options|.
1. If |aggregationCoordinator| is a {{DOMException}}, return [=a promise
rejected with=] |aggregationCoordinator|.

</div>
Second, add the following steps in the nested scope just after "Let |operation|
be |operationMap|[|name|]." (renumbering later steps as appropriate):
<div algorithm="shared-storage-run-monkey-patch-2">
2. Let |batchingScope| be a new [=batching scope=].
1. Let <var ignore>debugScope</var> be a new [=debug scope=].
1. Let |privateAggregationTimeout| be null.
1. Let |isDeterministicReport| be false.
1. If |preSpecifiedParams| is not null:
1. Set |isDeterministicReport| to the result of [=determining if a report
should be sent deterministically=] given |preSpecifiedParams|.
1. If |isDeterministicReport|:
1. Set |privateAggregationTimeout| to the [=current wall time=] plus the
[=deterministic operation timeout duration=].
1. [=Set the pre-specified report parameters for a batching scope=] given
|preSpecifiedParams| and |batchingScope|.
1. If |aggregationCoordinator| is not null, [=set the aggregation coordinator
for a batching scope=] given |aggregationCoordinator| and |batchingScope|.

</div>

Third, add the following steps in the same nested scope just before the current
penultimate step ("If <var ignore>options</var>
[=map/contains=] <var ignore>data</var>", renumbering the last step as
appropriate):
<div algorithm="shared-storage-run-monkey-patch-3">
1. Let |hasRunPrivateAggregationCompletionTask| be false.
1. Let |privateAggregationCompletionTask| be an algorithm to perform the
following steps:
1. If |hasRunPrivateAggregationCompletionTask|, return.
1. Set |hasRunPrivateAggregationCompletionTask| to true.
1. [=Mark a debug scope complete=] given <var ignore>debugScope</var>.
1. [=Process contributions for a batching scope=] given
<var ignore>batchingScope</var>, <var ignore>outsideSettings</var>'
[=environment settings object/origin=], "<code>shared-storage</code>"
and |privateAggregationTimeout|.
1. If <var ignore>isDeterministicReport</var>>, run the following steps [=in
parallel=]:
1. Wait until |privateAggregationTimeout|.
1. Run |privateAggregationCompletionTask|.

</div>

Finally, at the end of the same nested scope, add the following step:
<div algorithm="shared-storage-run-monkey-patch-4">
9. When the above [=call=] returns, perform the following steps:
1. Run <var ignore>privateAggregationCompletionTask</var>.

</div>

The {{SharedStorageWorklet}}'s {{SharedStorageWorklet/selectURL()}} method steps
are modified in three ways. First, add the following steps just after step 6
("If <var ignore>context</var> is null..."), renumbering later steps:
<div algorithm="shared-storage-selecturl-monkey-patch-1">
7. Let |preSpecifiedParams| be the result of [=obtaining the pre-specified
report parameters=] given |options| and <var ignore>context</var>.
1. If |preSpecifiedParams| is a {{DOMException}}, return [=a promise rejected
with=] |preSpecifiedParams|.
1. Let |aggregationCoordinator| be the result of [=obtaining the aggregation
coordinator=] given |options|.
1. If |aggregationCoordinator| is a {{DOMException}}, return [=a promise
rejected with=] |aggregationCoordinator|.

</div>
Second, add the following steps in the nested scope just after "Let |operation|
be |operationMap|[|name|]." (renumbering later steps as appropriate):
<div algorithm="shared-storage-selecturl-monkey-patch-2">
2. Let |batchingScope| be a new [=batching scope=].
1. Let |debugScope| be a new [=debug scope=].
1. Let |privateAggregationTimeout| be null.
1. Let |hasRunPrivateAggregationCompletionTask| be false.
1. Let |privateAggregationCompletionTask| be an algorithm to perform the
following steps:
1. If |hasRunPrivateAggregationCompletionTask|, return.
1. Set |hasRunPrivateAggregationCompletionTask| to true.
1. [=Mark a debug scope complete=] given |debugScope|.
1. [=Process contributions for a batching scope=] given
|batchingScope|, <var ignore>outsideSettings</var>'
[=environment settings object/origin=], "<code>shared-storage</code>"
and |privateAggregationTimeout|.
1. If |aggregationCoordinator| is not null, [=set the aggregation coordinator
for a batching scope=] given |aggregationCoordinator| and |batchingScope|.
1. If |preSpecifiedParams| is not null:
1. Let |isDeterministicReport| be the result of [=determining if a report
should be sent deterministically=] given |preSpecifiedParams|.
1. If |isDeterministicReport|:
1. Set |privateAggregationTimeout| to the [=current wall time=] plus the
[=deterministic operation timeout duration=].
1. [=Set the pre-specified report parameters for a batching scope=] given
|preSpecifiedParams| and |batchingScope|.
1. If |isDeterministicReport|, run the following steps [=in parallel=]:
1. Wait until |privateAggregationTimeout|.
1. Run |privateAggregationCompletionTask|.

</div>
Finally, at the end of the same nested scope, add the following steps:
<div algorithm="shared-storage-selecturl-monkey-patch-3">
13. Run <var ignore>privateAggregationCompletionTask</var>.

</div>

Issue: Once <a href="https://github.com/wicg/shared-storage/issues/88">
shared-storage/88</a> is resolved, align the above monkey patches with how
`keepAlive` is handled at operation completion.

The {{Worklet/addModule()}} steps are modified to add a new step just before
the final step ("Return <var ignore>promise</var>."), renumbering the last step
as appropriate:
<div algorithm="shared-storage-addmodule-monkey-patch">
7. If |this| is a {{SharedStorageWorklet}}, [=upon fulfillment=] of |promise| or
[=upon rejection=] of |promise|, run the following steps:
1. Let |globalScopes| be |this|'s [=Worklet/global scopes=].
1. [=Assert=]: |globalScopes|' [=list/size=] equals 1.
1. Let |privateAggregationObj| be |globalScopes|[0]'s
{{SharedStorageWorkletGlobalScope/privateAggregation}}.
1. Set |privateAggregationObj|'s [=PrivateAggregation/allowed to use=] to
the result of determining whether [=this=]'s [=relevant global
object=]'s [=associated document=] is [=allowed to use=] the
"<code>[=private-aggregation=]</code>" [=policy-controlled feature=].

Issue: Consider adding an early return here (and equivalently for
Protected Audience) if the permissions policy check is made first.
1. Set |privateAggregationObj|'s [=PrivateAggregation/scoping details=] to a
new [=scoping details=] with the items:
: [=scoping details/get batching scope steps=]
:: An algorithm that returns the [=batching scope=] that is scheduled to
be passed to [=process contributions for a batching scope=] when the
call currently executing in |scope| returns.
: [=scoping details/get debug scope steps=]
:: An algorithm that returns the [=debug scope=] that is scheduled to be
passed to [=mark a debug scope complete=] when the call currently
executing in |scope| returns.

Note: Multiple operation invocations can be in-progress at the same
time, each with a different batching scope and debug scope. However,
only one can be currently executing.

</div>

Issue: Once <a href="https://github.com/wicg/shared-storage/issues/89">
shared-storage/89</a> is resolved, align the above monkey patch with how
access to `sharedStorage` is prevented in
{{SharedStorageWorkletGlobalScope}}s until {{Worklet/addModule()}}'s initial
execution is complete.

Note: This extends Shared Storage's existing {{Worklet/addModule()}}
<a href="https://wicg.github.io/shared-storage/#worklet-monkey-patch">
monkey patch</a>.

[=Implementation-defined=] values {#shared-storage-implementation-defined-values}
---------------------------------------------------------------------------------

<dfn>Deterministic operation timeout duration</dfn> is a non-negative
[=duration=] that controls how long a Shared Storage operation may make Private
Aggregation contributions if it is triggering a deterministic report and,
equivalently, when that report should be sent after the operation begins.

Protected Audience API monkey patches {#protected-audience-api-monkey-patches}
==============================================================================

Expand Down
Loading