[web-api] Limit cross-origin sharing of Wasm modules.

Open dtig opened this issue 2 years ago • 4 comments

This was discussed, and voted on in the June 22nd meeting (notes). The suggested solution was to limit sharing modules across origins. There is some discussion in the linked issue #1303, but it doesn't look like the HTML spec has a way to enforce an origin check in the serialization infrastructure.

This PR aims to store the origin as well as the agent cluster, and throw if there has been an attempt to post message across origin. The text right now doesn't handle opaque origins, as they are null when serialized. Another option is to be vague and include a same-origin check, but digging into it more, it's not clear how this would be implemented. Opening this PR to gather feedback; I'm also quite unfamiliar with the HTML spec, so links to existing infrastructure to do this correctly are appreciated.

Closes #1303.

dtig avatar Aug 16 '21 06:08 dtig

I'll try to review this week

Ms2ger avatar Aug 17 '21 14:08 Ms2ger

@Ms2ger Friendly ping for a review.

dtig avatar Aug 30 '21 17:08 dtig

I'd still like a reply to my question in https://github.com/WebAssembly/spec/issues/1303#issuecomment-829087678.

I read the minutes and it's clear my point there was not considered or addressed as it's a rather high-level discussion. And the minutes also seem to contain something that illustrates a rather fundamental misunderstanding of how this works:

Change Wasm spec to mention origins instead of agent clusters

As to @Ms2ger's question, normally an opaque origin would also imply a different agent cluster (and this PR keeps the agent cluster intact, as it should), but there is this edge case that is still unsolved: https://github.com/whatwg/html/issues/5254.

annevk avatar Oct 15 '21 15:10 annevk

@dtig, this PR is stale, what's the status?

rossberg avatar Aug 04 '22 08:08 rossberg

@dtig, any progress on this PR, or should we close it?

rossberg avatar Feb 16 '23 11:02 rossberg

I'm closing this for now, because without infrastructure that the Wasm web spec can use, and better consensus on the checks themselves, this is out of scope for the Wasm CG. Will reopen if anything changes. Sorry for the slow response, I was unsure about the status of the various parts of the deprecations that are connected to this, and had some trouble with parsing the information across different parts of the spec.

dtig avatar May 10 '23 23:05 dtig
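
The check described in the opening post (record the origin next to the agent cluster when a module is serialized, throw on a mismatch when it is deserialized) and the opaque-origin gap raised in the thread can be modelled in a few lines. This is an added example, not text from the PR or from any spec; every name in it (`serializeModule`, `deserializeModule`, `failClosedOnOpaque`, the realm table) is hypothetical, and the case of two distinct opaque origins sharing one agent cluster is constructed for illustration.

```javascript
// Toy model of the serialize/deserialize steps for a Wasm module record.
class DataCloneError extends Error {}

// Constructed realms. `origin` holds the *serialized* origin; an opaque
// origin (for example a sandboxed iframe) serializes to the string "null".
const realms = {
  page:     { agentCluster: "ac-1", origin: "https://app.example.com" },
  worker:   { agentCluster: "ac-1", origin: "https://app.example.com" },
  // Same site, different origin: may share a site-keyed agent cluster.
  sameSite: { agentCluster: "ac-1", origin: "https://cdn.example.com" },
  foreign:  { agentCluster: "ac-9", origin: "https://other.example.net" },
  // Two distinct opaque origins, assumed here to share an agent cluster.
  sandboxA: { agentCluster: "ac-2", origin: "null" },
  sandboxB: { agentCluster: "ac-2", origin: "null" },
};

// Minimal valid module: "\0asm" magic followed by version 1.
const moduleBytes = Uint8Array.of(0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00);

function serializeModule(bytes, source) {
  return { bytes, agentCluster: source.agentCluster, origin: source.origin };
}

function deserializeModule(record, target, { failClosedOnOpaque = false } = {}) {
  // Existing rule: modules never leave their agent cluster.
  if (record.agentCluster !== target.agentCluster)
    throw new DataCloneError("different agent cluster");
  // Assumed hardening: "null" identifies no particular origin, so refuse it.
  // Trade-off: this also blocks sharing within one opaque origin.
  if (failClosedOnOpaque && (record.origin === "null" || target.origin === "null"))
    throw new DataCloneError("opaque origin");
  // Proposed rule: compare the stored serialized origin with the receiver's.
  if (record.origin !== target.origin)
    throw new DataCloneError("cross-origin");
  return record.bytes;
}

// Returns "ok" or the reason the transfer was refused.
function tryShare(from, to, opts) {
  try {
    deserializeModule(serializeModule(moduleBytes, realms[from]), realms[to], opts);
    return "ok";
  } catch (e) {
    if (e instanceof DataCloneError) return e.message;
    throw e;
  }
}
```

Comparing serialized origins lets `sandboxA` share with `sandboxB` because both compare as `"null"`; in this model only the agent cluster check or the fail-closed option stops that transfer.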