Report body interfaces #216
Comments
|
Re not finding a spec for All three of these use the full interface approach, similar to Permissions Policy. |
|
Thanks! That certainly tips the balance, at least in specs space, toward the full-interface approach. Although it feels a little unnecessary to create new constructor-less classes for things that are just data holders (see w3ctag/design-principles#11), it's not the end of the world. It's the current inconsistency that's troublesome, and in particular as HTML editor reviewing the COEP and COOP spec patches, I'm not sure what to do. |
|
|
We could switch to plain ES objects; there's really no benefit that I can see to using classes. It was added to support ReportingObserver; I suspect that it was originally so that we could use IDL to express the structure and the members that would be present. |
|
You could still use dictionaries, either behind the scenes in implementations, or in specs if desired (although I'm not sure that would buy much). |
|
There was #164 where toJSON() wasn't working in Chromium, but there were also spec changes made. Just pointing it out, in case it matters here. |
|
Yeah, using normal JS objects (dictionaries) would be a more natural way of solving that, instead of having the code generator generate a bunch of getters and a toJSON() method. |
|
Following up from discussion of this on blink-dev. The principle of using dictionaries when there's only data makes sense to me. But dictionaries can't be used as attributes and |
|
I think Report itself can be a dictionary, looking at how it's used? |
|
Yes, |
Oh I see, make Report a dictionary and then ReportBody isn't an attribute anymore so all of them can be dictionaries too. Yeah that makes sense. I'm just looking over to try to understand if there would be any non-trivial web compat implications of this. @clelland thoughts? |
|
I can't see any compat issues -- without the interface object currently being exposed, there doesn't seem to be any way to get the type of a Reports (and their bodies) currently look like |
|
(Not that anyone should be using something other than the |
|
Yeah it looks like it is possible in theory, eg: But poking around at this stuff (like |
|
Alright, sounds like we're converging on just moving all of these to dictionaries, right? |
|
That's the one that does it... That would change to Object for a dictionary, I suspect, if anyone were actually relying on it. It does seem substantially less likely to be a compatibility risk, for sure. |
This change removes any suggestion that the two interface names (and the names of those interfaces which inherit from `ReportBody`) should be exposed on the global object. `ReportBody` is purely abstract, and exists so that it can be used as the type of the `body` member of `Report`, while still allowing other specifications to define new subtypes for their own report types. Closes: #216
Looking at Chromium's implementation, I see a lot of "report body" interfaces:
ReportBodyCSPViolationReportBodyCoopAccessViolationReportBodyDeprecationReportBodyInterventionReportBodyDocumentPolicyViolationReportBodyFeaturePolicyViolationReportBodyHowever, most of these don't exist in specifications. And, many of them are using
[NoInterfaceObject], which no longer exists on the web platform (it was removed from Web IDL).I'm unsure how the spec is supposed to work here, and the specs definitely don't seem to match implementations.
The Reporting API's "queue a violation report" algorithm takes an "object". But, the
ReportingObserverAPI usesReportBody, so is there an implicit requirement that such objects be subclasses ofReportBody?Some specs appear to fill this out using a generic "a new object" language, e.g. Fetch and COEP. This does not involve any interfaces. The proposed COOP reporting spec in Cross origin opener policy reporting whatwg/html#5518 does the same, although as noted above, the in-progress Chromium implementation seems to use an interface. How do these things show up in
ReportingObserver?I can't figure out what the CSP spec is doing, but it certainly doesn't use
CSPViolationReportBody.I can't find any spec for
InterventionReportBodyorDeprecationReportBody.DocumentPolicyViolationReportBodydoesn't exist in Document Policy, and I can't find where that spec queues reports. Maybe that part isn't written yet?Permissions Policy seems to be fully on board the interface train: it declares a proper, non-NoInterfaceObject report body interface, and sends that through the "queue a violation report" algorithm.
This seems like a pretty big mess.
My recommendation if we were starting from scratch would be to not use interfaces for this, and have "queue a violation report" take either an object, or something more structured (like a
record<USVString, any>or an Infra ordered map) to give guidance to callers. Implementations could unobservably use IDL dictionaries behind the scenes if they wanted, but specs would use the Fetch/COEP/COOP style of just supplying a table of keys/values. And we'd get rid ofReportBodyentirely and makeReportingObserver'sbodyjust anobject?instead of aReportBody?.However, we're not starting from scratch, so I'm unsure what the best path forward is.
/cc @clelland @camillelamy @mikewest
The text was updated successfully, but these errors were encountered: