[Spec] Integrate network revocation with credentialless iframes #191

Open
blu25 opened this issue Sep 12, 2024 · 4 comments

@blu25
Collaborator

blu25 commented Sep 12, 2024

https://wicg.github.io/anonymous-iframe/#dom-window-credentialless

Credentialless iframes' partitions are determined by a page credentialless nonce, which is unique to each top-level window.

Steps to fix this:

  1. Extend our network revocation algorithm to revoke network access for the page credentialless nonce on top of the existing fenced frame partition nonce. This can be done simply by calling the new [=revoke network for a partition nonce=] algorithm on the relevant window's page credentialless nonce in the disableUntrustedNetwork() algorithm.
  2. The "must be blocked due to a revoked partition nonce" algorithm must then be invoked in the fetch patch to pass in both the fenced frame nonce and the credentialless iframe nonce, if one exists. Currently, neither nonce is being passed in.

It seems that the pieces we need are there and easily accessible, but the biggest lingering question is making sure the nonces are in place when checking whether a navigation should be blocked (in step 2).

@domfarolino
Collaborator

Please describe what "integrate" means? What needs to be done? Is there some processing model in that spec that we need to monkeypatch or invoke in a special way with fenced frames? Please make the OP text of this issue actionable with a problem statement and rough solution thoughts.

@blu25
Collaborator Author

blu25 commented Nov 1, 2024

Updated the description with the steps that will need to be taken to get this to work. It doesn't seem too complicated as long as we can easily get access to the 2 nonces we need access to in the fetch algorithm.

@domfarolino
Collaborator

> Extend our network revocation algorithm to revoke network access for the page credentialless nonce on top of the existing fenced frame partition nonce. This can be done simply by calling the new [=revoke network for a partition nonce=] algorithm on the relevant window's page credentialless nonce in the disableUntrustedNetwork() algorithm.

Hmm, what do you mean by "relevant window"? Do you mean calling the [=revoke network for a partition nonce=] algorithm on the fenced frame's root Window and calling it on the primary main frame (like the actual top-level traversable above the fenced frame)? Or can we just keep the [=revoke network for a partition nonce=] scoped to the fenced frame's traversable navigable's window, since its page credentialless nonce is unrelated to the primary frame's nonce? I think the latter, but I'd love to confirm.

@blu25
Collaborator Author

blu25 commented Nov 11, 2024

> Hmm, what do you mean by "relevant window"? Do you mean calling the [=revoke network for a partition nonce=] algorithm on the fenced frame's root Window and calling it on the primary main frame (like the actual top-level traversable above the fenced frame)? Or can we just keep the [=revoke network for a partition nonce=] scoped to the fenced frame's traversable navigable's window, since its page credentialless nonce is unrelated to the primary frame's nonce? I think the latter, but I'd love to confirm.

I'm referring to the window returned by getting this's relevant global object, which I'm assuming will be the latter.
