W3C

– DRAFT –
TPAC 2022 - BTT WG - Day 2

16 September 2022

Attendees

Present
AutomatedTester, BrandonWalderman, DevinRousso, jgraham, JimEvans, MichaelMintz, patrickangle, PeterRushforth, sadym
Regrets
-
Chair
David Burns
Scribe
AutomatedTester, David Burns

Meeting minutes

rrsagent: make logs world-visible

rrsagent: make minutes

<patrickangle> Orca is the zoom room I should be in, right?

<jgraham> RRSAgent: make minutes

Network logging

git

github: https://github.com/w3c/webdriver-bidi/pull/204

jgraham (IRC): we have a PR up for introducing a network module that gives you a series of events to get netwrok activity
… it's limited to HTTP like connections only
… the use cases we are targeting are
… check whether a specific resource was requested
… and generating HAR files for perf monitoring
… we have discussed this in previous meetings which has shaped this
… we have added 1 set of events unlike the way CDP handles this
… and if we get a redirect we would add a flag to show that
… the API and how it works is still to be written
… and at this point what i would like to do is make sure that we don't have issues with the initial design before we start on the fetch integration
… otherwise it will be a lot of work to go back and redo it

Devin Rousso: i like that this is simpler, it's nice

automatedtester: Where is this in your priority list?

jgraham (IRC): this is pretty high in my list.
… we would liek to start prototyping this
… from our point it is not blocked on the fetch work that needs to happen but it would be good to get agreement on the api etc

sadym (IRC): how would the interception of redirects work since there is only 1 event/

jgraham (IRC): for logging we discussed in a previous group meeting
… the rough concensus then was to have 1 event and flags on it
… instead of events for all of the redirect chain
… assuming we are happy with that design
… [describes fields that could be added to the event]

Devin Rousso: would the request ID be maintained the whole time?

jgraham (IRC): I hadn't thought about that

Devin Rousso: [describes how it works in web inspector]

Devin Rousso: so as long as we use the same request iD for the network journey. For redirects we want to have the same ID or have a field saying it's a redirect
… i prefer the former but can make either work

jgraham (IRC): if you look through the current PR. there are TODO items in there that need answers. We can discuss
… or people could answer on the PR

<sadym> @foolip is about to review the PR

Devin Rousso: generally speaking we like this

Cookies

jgraham (IRC): This is something that doesn't have an open issue

<jgraham> https://github.com/w3c/webdriver-bidi/issues/287

<jgraham> github: https://github.com/w3c/webdriver-bidi/issues/287

the high level item for this topic is that we need ot have something here like webdriver classic
… I assume that people want this
… how do we want this to work?
… and then we have partitioned cookies do we want the API to return everything or just for the part of the partition?

Devin Rousso: in web inspector we have both
… in CDP network domain returns a list of cookies that could have been sent, including ones that could have been blocked
… e.g 3rd party cookies blocked by policy

Devin Rousso: I think we should go for the simpler option here as all cookies seems heavy handed

<jgraham> AutomatedTester: One of the things that comes up when dealing with cookies is the ability to set before you navigate to a page. IN WebDriver classic you can only set for the current page. It would be good to have the ability to interact directly with the cookie store without requiring a navigation.

Brandon Walderman: we're debating whether to show all cookies on a page or to a domain?
… if we're talking about adding a cookie domain that could straight to the cookie jar and doesn't need a network reques?

jgraham (IRC): I think like AutomatedTester_ (IRC) said, we want an aPi that allows us to interact with the cookie jar
… the comment about network request was more 'do we want to emulate CDP'? or do our own? i can't see use cases yet?

Brandon Walderman: a web dev might want to test their site with different level s of tracking being blocked during testing

Devin Rousso: as far your point AutomatedTester_ (IRC) I thinkj this will be handled by network interception
… a user could set this while setting up the network interception and they would set the cookie and away they go

jgraham (IRC): in interception there a way to handle that and we should and I think that we should also add a cookie API. Interception could be overkill for some usecases
… I think that this isn't provin to be uncontroversial
… we can discuss more in the PR

Jim Evans: it feels like the design goal of being able to implement classic on top of bidi not having an API that directly accessing it

Devin Rousso: my comment on network interception is that was purely for AutomatedTester_ (IRC) 's example but I do think that we need an API for interaction with the cookie jar

Should `BrowsingContext.create` wait for the initial page to be loaded?

github: https://github.com/web-platform-tests/wpt/issues/35846

sadym (IRC): the question was raised in the wpt test that faced during the test
… we weren't sure if the initial events for the navigation to about:blank would be handled
… Guarantee no initial navigation-related events are raised AFTER the browsingContext.create command is done.

<sadym> Guarantee no initial navigation-related events are raised AFTER the browsingContext.create command is done.

jgraham (IRC): i think what we want to guarantee for users
… is that we want the first event needs to be browsingContext.create event
… and not the load events
… the open question is do you then get a load event for the about;blank page/
… and I know there there are changes in gecko to align with chromium/webkit
… for the sake of wpt this should be enoug
… and the clients it makes their lives easier

sadym (IRC): what you said is slightly orthogonal to what I am mentioning
… browsercontext load and [other event] are done after create

jgraham (IRC): are you suggesting we don't send them/

sadym (IRC): yes,

jgraham (IRC): is this more with how the command returns to the user/

sadym (IRC): yes

<gsnedders> AutomatedTester: I'm trying my best.

jgraham (IRC): if i create a new context and doesn't navigate you should get a create event but not a load event for about;blank
… what about a navigation given/

sadym (IRC): we don't allow the navigation/

jgraham (IRC): so is this just the ordering/

sadym (IRC): yes

sadym (IRC): [explains
… how it works another use case]

jgraham (IRC): I am not confident how this would work with about:blank
… and I don't know how this should work
… for making the tests work why don't we just make sure the context created event
… or do we need to have all the events/

sadym (IRC): in the test we can rely that there are no events after the create
… what happens before could be implementation specific

jgraham (IRC): i think that sounds fine to me... especially since about;blank is special

<jgraham> _initial_ about:blank is special

Network request interception

github: https://github.com/w3c/webdriver-bidi/issues/66

jgraham (IRC): This is a more speculative item
… and I want to start work on the design so we can get it a little done over the next year
… we have talked about network logging to get some info
… but sometimes people want to intercept, modify and carry that on
… people want to intercept a request and send back a mocked response
… so I think this is a feature we should have
… so one thing here is that network interception can put a lot of pressure on the client to handle each
… and since some people test this locally and that's fine but we do have selenium users have this over the internet
… the proposal is there is an event for browsing context/realms and with some form of filter
… we have network events
… do we want separate events or use the logging and then return

<jgraham> AutomatedTester: My experience is that people using this feature in Selenium are confused about how this should/will work. For e2e testing this can be complex compared to lower level testing. Need to make it easier to use.

<jgraham> ... To the point about this being deployed over the internet, we can be talking about hundreds of requests that need to be intercepted. So prefiltering of events is a requirement.

<jgraham> ... I'm concerned that this could cause a problematic number of events for Selenium in the cloud providers

sadym (IRC): first question is add some kind of binding to the realm
… and try have this done in the browser and then return
… and then AutomatedTester_ (IRC) do you think that URL, resource type and interception stage is enough/

<sadym> https://chromedevtools.github.io/devtools-protocol/tot/Network/#type-RequestPattern

<jgraham> AutomatedTester: Yes, that seems fine. To the point about doing this on the remote end, if we can figure it out I'd prefer that kind of solution. Pushing everything onto the client is a problem if things are running in parallel; can end up with a huge number of simultaneous requests. Server side interception would fix that. But the filters are a good start.

Devin Rousso: within web inspector we have filters and it can even be at filtering on request/response
… webinspector doesnt have the resouirce type filtering

sadym (IRC): it's useful for changing cats to dogs on a page

jgraham (IRC): I can see resource filtering for all images then go for there

Devin Rousso: in web inspector we only allow filtering on EITHER request or response...
… our reason is if you control one or the other then it's easier
… we still send out the requests in case the server requires it
… it saves us trouble

jgraham (IRC): web extensions has a similar aPI here
… does your api have overlap with web extensions

Devin Rousso: there is some but I don't know if they have full overlap
… I don't have much knowledge of manifest v3

Luka: in chrome they have deprecated the interception API

jgraham (IRC): the stream API gives us what we need and we can manipulate it

luka: [mentions how this works with streams]

jgraham (IRC): [describes how things work in CDP]
… the main question is Do we start with how CDP works or how sadym (IRC) suggested that it happens in a sandbox specific way
… and I have a concern about how we this might work as we haven't got the primatives to make it work
… and we want to make sure we support clients that already here
… and it would be good to make sure we check how other groups are using it and then see if we can support them

AutomatedTester_ (IRC): I would vote for sadym (IRC) 's idea of putting this more onto the server

sadym (IRC): i want to point out that it adds complexity to the server
… so it's harder to implement and spec out

<jgraham> `getResponseBody` is used in Puppeteer/Playwright but `takeResponseBodyAsStream` is not.

automatedtester: My preference would be to add more complexity to this working group so that people can use this feature in a meaningful way rather than simplifying things for the sake of the spec and putting a lot of pressure on client authors and users and then no one uses the feature

jgraham (IRC): I am not convinced for clients that injecting Js would be easier for them
… there are perf reasons for injecting it all
… so for the first iteration that we allow people to replace the responses but not modify on the fly

Brandon Walderman: I do see the value of pushing things on to the server side for perf and ease of client creation
… but I am hearing that there is concern of doing it in a sandbox
… I wonder if there is a middle ground here where we can do some form of [explains data structures]
… that way we can block things easily
… and if you want more advanced cases then we can do more CDP
… and we can add the sandbox solution in the future

jgraham (IRC): I think it will add more work
… we can add a more declaritive later
… and that way we don't need to have a more complex JS execution
… it would be good to get a set of data from cloud providers here
… but build the low level APi and we can build a higher level API later

<sadym> +1 to what James said

<BrandonWalderman> +1

Bootstrap scripts

Github: https://github.com/w3c/webdriver-bidi/issues/65

jgraham (IRC): The concept here is we have a method that allows a script to be injected and run before a page is loaded
… the use case is we can define functionality that will be guaranteed when we access the page
… and we don't need to worry about racing with loading
… my reason for adding this to the agenda
… in berlin there was a talk about priorities
… and seeing that it is in a number of clients
… so my questions are
… what is the priority of this work?
… and what is the MVP to make this feature useful

Devin Rousso: one of the reasons I suggested this in 2019 is that itenables us to do things without having to creating new events
… it gives us access to the events and apis that are there
… I think that this important but it's behind the networking interception
… it's important and we should do it

<DevinRousso> AutomatedTester: i think it'd be more accurate to say they're both kinda equal in my mind?

sadym (IRC): it's high priority as it's required in puppeteer
… it was raised in berlin that it was going to be used by selenium to do things with the DOM
… so it's a high priority

<sadym> is was mutationObserver

<DevinRousso> ^ yeah that's one use case I see for it

<DevinRousso> a big one

jgraham (IRC): there is agreement that clients want it and it has a reasonable priority
… so the next thing is how do we get there?
… so the proposal is fairly complicated because it has a lot of filtering
… but cDP just wants us to run things
… one of the things here is that the JS might want to communicate back the client
… and we have punted on that so we might need to solve that first before coming back to this
… looking at this issue the main issue is how do you configure this since its before the page is loaded
… [describes how this runs in a function]

<jgraham> https://chromedevtools.github.io/devtools-protocol/tot/Page/#method-addScriptToEvaluateOnNewDocument

<DevinRousso> +1 to having it be just "here's a script to run, i'll figure out what to do in JS myself"

<jgraham> https://github.com/w3c/webdriver-bidi/issues/157

Devin Rousso: I think the webdriver side to comms this looks fine
… there is a extension scopes in webkit that allows us to be able do some extensions when running
… and I am not against having this have be a function
… mesage port seems fine but we don't need everything on it
… and it would be good to describe the data that is sent back
… [describes a use case]

jgraham (IRC): treating this a stack, when serialsing we wont be doing anything special in this context
… so javascript objects are serialised back
… to discuss the previous design spaces
… in cDp there is an add binding method that allows it to be available globally
… there are 2 other options
… we might want to message from a non-bootstrapped script to others
… the other option is we have special value the client sends to handle this like a message port but not quite a message port
… it puts the client in charge here as they can create the port and tells the browser
… an advantage of separate ports is that it becomes implicit in the protocol

<DevinRousso> AutomatedTester: e.g. sending a DOM node back to the driver, which would do some sort of conversion to some format that the driver can handle (ideally the same primitives used elsewhere in WebDriver)

sadym (IRC): it will be a little complicated to implement it in chromium
… it exposes things globally but not to all realms
… there is not concept of a binding argument

jgraham (IRC): my understand of CDP is that you can do add binding because you don't know what the realm id will be for the boostrap script
… so you can sandbox the bootstrap script and that limits to where it canrun

sadym (IRC): that is true
… when you bootstrap you can describe how the script will be called in the sandbox

Devin Rousso: in webkit I think we do it when the realm is created
… and I am not sure we can filter as there are things we don't want to expose everything to the client
… I think it would be better to basic and primative and let the driver do it but if we want to do something more complex that is fine too. It's managing state there...
… isolatedvs in the page... we can do that later
… in either scenario we can do it as scope extension
… and we can give them the building blocks to do the right thing for them
… in the scenario where the driver provides the script to say run this everywhere...
… I can see there be an event when the bootstrap script is created
… and get people to listen
… i can see both ways working

jgraham (IRC):I am hearing we want this feature and we want the scripts to run in a sandbox... or not
… and there is a need for some form of messaging coming out of those scripts
… that seems reasonable to me
… I don't know how easy it will be to implement it
… in the sandbox case it will be the most useful

Devin Rousso: I think the non-sandboxed version being the most useful
… I think we will need both

<sadym> could you please repeat the proposed dates?

<DevinRousso> i believe it was 11/28-12/02

rrsagent: Make minutes

Minutes manually created (not a transcript), formatted by scribe.perl version 192 (Tue Jun 28 16:55:30 2022 UTC).

Diagnostics

Succeeded: s/guarantee that we don't raise any events until browsingContext create is completed/Guarantee no initial navigation-related events are raised AFTER the browsingContext.create command is done.

Succeeded: s/all/allow/

Maybe present: Luka, rrsagent