Comments (9)
Safari partitions storage, but blocks cookies, as I understand it. When you say storage do you mean both of those? For Firefox we are experimenting with partitioning both for the majority of third party sites (see https://groups.google.com/d/msg/mozilla.dev.platform/f2_hLdfsbq4/lNjFpEZPAgAJ). The hope is that this is more compatible than blocking. (I agree that blocking is attractive though, see also #7/#9.)
from storage-partitioning.
Sorry, thought I had replied earlier but I wound up losing the tab before submitting. Thanks for your response. I was referring more to the non-cookie storage mechanisms.
Safari has since posted what they do with their storage which is super handy. It looks like localStorage is both partitioned and ephemeral, while the rest is just partitioned.
My general thought is that partitioning is safest, and likely the way to go. I just wanted to verify that other browsers were also headed in that direction before doing so, as it's a lot of work. I'm still tempted to provide a subset (or even possibly a new) storage API specific to 3p contexts if other browsers were interested in that.
from storage-partitioning.
The model Firefox envisions is partitioned storage for third parties that can transition to non-partitioned storage when a third party is granted the storage-access permission. For both cookies and storage.
The way I see that transition working model-wise is through replacement: whatwg/storage#88. Which I'd like to behave similarly to Clear-Site-Data (that would be replacing with an empty storage shelf).
from storage-partitioning.
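The model described in the comment above, sketched as an added example that is not part of the thread or of any browser's code. It assumes a toy storage key of origin plus top-level site, compares sites by plain string equality (no Public Suffix List), and uses constructed `*.example` names.

```javascript
// Toy model of partitioned third-party storage with transition by replacement.
// Assumptions: key format and class/method names are hypothetical.
class StorageModel {
  constructor() {
    this.shelves = new Map(); // storage key -> shelf (Map of name -> value)
    this.grants = new Set();  // "topSite origin" pairs holding storage access
  }

  // Key is the origin alone when first-party or granted,
  // otherwise the origin combined with the top-level site.
  keyFor(topSite, origin, originSite) {
    const thirdParty = topSite !== originSite;
    const granted = this.grants.has(`${topSite} ${origin}`);
    return thirdParty && !granted ? `${origin}^${topSite}` : origin;
  }

  shelf(topSite, origin, originSite) {
    const key = this.keyFor(topSite, origin, originSite);
    if (!this.shelves.has(key)) this.shelves.set(key, new Map());
    return this.shelves.get(key);
  }

  // After a grant the frame resolves to the unpartitioned shelf:
  // the partitioned shelf is replaced, not merged.
  grantStorageAccess(topSite, origin) {
    this.grants.add(`${topSite} ${origin}`);
  }

  // Clear-Site-Data analogue: replace the current shelf with an empty one.
  clear(topSite, origin, originSite) {
    this.shelves.set(this.keyFor(topSite, origin, originSite), new Map());
  }
}

function demo() {
  const m = new StorageModel();
  const w = ["https://widget.example", "widget.example"]; // constructed
  m.shelf("widget.example", ...w).set("id", "first-party-id");
  m.shelf("news.example", ...w).set("id", "news-partition");
  m.shelf("shop.example", ...w).set("id", "shop-partition");
  const before = m.shelf("news.example", ...w).get("id");
  m.grantStorageAccess("news.example", w[0]);
  const afterGrant = m.shelf("news.example", ...w).get("id");
  const other = m.shelf("shop.example", ...w).get("id");
  m.clear("shop.example", ...w);
  const afterClear = m.shelf("shop.example", ...w).get("id");
  return { before, afterGrant, other, afterClear };
}
```

The grant is scoped to one top-level site, so the widget embedded under `shop.example` stays partitioned while the one under `news.example` sees the first-party shelf.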
I chatted briefly with @erik-anderson about Edge's current state. They're currently denying storage to tracker sites and enabling it on storage access grant. Not sure what their long term strategy is though.
from storage-partitioning.
Ah yeah, other browsers have something akin to that too for trackers, but it's not clear that approach scales well to all third parties. Hence the model I mentioned above.
from storage-partitioning.
@jkarlin A quick clarification: would blocking third-party storage or cookies in Incognito Mode have an impact on the user experience? I think this would be good for user privacy.
from storage-partitioning.
As an update, it seems there is relatively wide buy-in now across implementers for attempting to give third parties (partitioned) storage capabilities by default.
Cookies are tricky: #15.
And whether and how to transition from partitioned to non-partitioned is still to be discussed, but some experiments are ongoing. (See also earlier links to the Storage Standard repository issues.)
from storage-partitioning.
If it's of use, Brave currently blocks all 3p storage (network cookies, but also all other storage in frames).
We are moving though (w/in months) to giving all 3p frames dual-keyed storage, life-timed under the 1p frame. We're also considering storage access API to give frames unpartitioned storage, but this is still being experimented with.
from storage-partitioning.
We had a TPAC breakout session on the topic, minutes are at https://docs.google.com/document/d/13oqM9AUnItnDw02zsvpT3DdYYOpIpl0_eTcnbS8rjUY/edit# (which links to some slides).
from storage-partitioning.