Tracking issue for speccing disallowed prerendering BC features

[domenic]

The prerendering browsing contexts explainer, supplemented by this Google doc, lists all the APIs we want to restrict. This issue is meant to track actually speccing those restrictions, in checklist form.

For some of these (e.g. cross-origin isolated) the outcome may be "don't restrict"; we can check the box when we explicitly make that decision and include a note in the spec about it being permissions-controlled but still not restricted.

• Storage access
  • Synchronous key-value stores
    • Cookies
    • localStorage
    • sessionStorage
  • Asynchronous APIs
    • IndexedDB
    • Cache storage
    • File System Access's origin-private file system
    • Storage Foundation API
• Complicated not-quite storage things
  • Shared workers
  • Service workers
  • BroadcastChannel
  • Web locks
• Permissions API-controlled features (registry, but the registry is not up to date)
  • Geolocation Spec some initial permissions check delays #36
  • Notifications Spec some initial permissions check delays #36
  • Notifications from within a service worker
  • Push
  • MIDI Spec some initial permissions check delays #36
  • Camera
  • Microphone
  • Speaker selection
  • Device info
  • Background fetch
  • Background sync
  • Bluetooth
  • Persistent storage
  • Ambient light sensor Restrict more disurptive features #45
  • Accelerometer Restrict more disurptive features #45
  • Gyroscope Restrict more disurptive features #45
  • Magnetometer Restrict more disurptive features #45
  • Clipboard read Restrict more disurptive features #45
  • Clipboard write Restrict more disurptive features #45
  • Display capture
  • NFC Restrict more disurptive features #45
  • Web USB
  • WebXR Spatial Tracking
  • Idle detection Spec some initial permissions check delays #36
  • File System Access (not the origin-private subset) Spec some initial permissions check delays #36
• Not-allowed-by-default permissions policy features (registry). Omitting ones already in permissions API list.
  • Asynchronous (despite not being permission-gated)
    • Battery status Restrict more disurptive features #45
    • Fullscreen Spec some initial permissions check delays #36
    • Picture-in-picture Introduce "implicitly restricted APIs". #62
    • Encrypted media extensions
    • Web Authentication public key credentials get
    • Wake lock Restrict more disurptive features #45 Introduce "implicitly restricted APIs". #62
    • HID
    • Serial
    • Web Share Restrict more disurptive features #45
    • Navigation override
  • Synchronous/no obvious JS entry point
    • Autoplay
    • Cross-origin-isolated cross-origin-isolated #52
    • Payment request API
    • Gamepad Specify restrictions on screen orientation and gamepads #53
    • Conversion measurement API
  • Can't tell; explainer doesn't have enough detail
    • Trust token redemption
• Features currently only controllable via sandbox=""
  • Asynchronous
    • Pointer lock Specify restrictions on screen orientation and gamepads #53
    • Orientation lock Specify restrictions on screen orientation and gamepads #53
    • window.open()
    • PresentationRequest Spec some initial permissions check delays #36
    • Downloads (e.g. <a download>.click())
    • Modal system dialogs (not <dialog>)
      • alert / print: no feedback to script
      • confirm / prompt: return value consumed by script
      • beforeunload

[mfalken]

Implementation note for autoplay: Chromium will likely defer loading the data during prerendering, to make it less costly if it's not used. That's currently what we're doing for NoStatePrefetch.