Why two exceptions

[zcorpan]

  if (err.name === 'NotAllowedError') {
    console.log('The user agent did not grant permission to access the file.');
  } else if (err.name === 'NotFoundError') {
    console.log('The file was not found in Cross-Origin Storage.');
  }

It seems like you would expose slightly less information by using NotFoundError for both of these cases.

[domfarolino]

I think it's pretty common to return NotAllowedError on the path of an API call that's gated by Permission Policy. Is that undesirable? It gives developers more granularity to key off of if they want it, but doesn't make it any harder for those that don't.

[tomayac]

There are a few cases we need to consider. The following list isn't complete, but covers the core situations:

• The developer requests a resource that isn't cached. (truly "not found")
• The developer requests a resource that is cached, but the UA decides to GREASE its response and lies. (scare quotes "not found")
• The developer requests a resource that is cached but from an origin the resource isn't stored for. ("not allowed")
• The developer requests a resource that is cached, but the UA decides the resource hasn't met the popularity or allowlist criteria. ("not allowed")

The follow-up action in all cases is the same, you request the resource from the network. I'm happy to follow your recommendation for what would be the most adequate error given the above, but would maybe be trending to using NotAllowedError.

[tomayac]

Oh, one more case:

• You say you will write a resource with the hash 123abc to the COS cache, but when you do and the API calculates the hash to better be safe than sorry and it's actually 456def, then we throw a NotAllowedError. ("not allowed")

[tomayac]

Just surveyed all existing third-party implementations (Transformers.js, WebLLM, and wllama) and observed none depend on an error name (and removed the error name dependency from our implementation in Emscripten and Flutter), so reducing to just one exception definitely seems to be the way to go based on three independent developer teams' choices. Just need to decide on which now…

[domfarolino]

so reducing to just one exception definitely seems to be the way to go based on three independent developer teams' choices.

Well, libraries can't gate behavior on native permissions policies (that don't exist), so naturally they don't have the "we throw NotAllowedError exceptions by virtue of permission policy" path. So I wouldn't rule throwing specific errors out for native platform behavior.

Do these libraries have the concept of "permissions"?

[tomayac]

Oh, right, I wasn't considering this additional case:

• The hosting frame disallows usage of the cross-origin-storage feature at all via its Permissions Policy. ("not allowed")

So let me list all cases again:

• The developer requests a resource that isn't cached. (truly "not found")
• The developer requests a resource that is cached, but the UA decides to GREASE its response and lies. (scare quotes "not found")
• The developer requests a resource that is cached but from an origin the resource isn't stored for. ("not allowed")
• The developer requests a resource that is cached, but the UA decides the resource hasn't met the popularity or allowlist criteria. ("not allowed")
• You say you will write a resource with the hash 123abc to the COS cache, but when you do and the API calculates the hash to better be safe than sorry and it's actually 456def. ("not allowed")
• The hosting frame disallows usage of the Cross-Origin Storage feature at all via its COS-related Permissions Policy (not specified yet). ("not allowed")

Any recommendation?