Allow partitioned cookies #13
Comments
I think for WebKit, we'd be more comfortable with just blocking all third-party cookies. Partitioned storage is dangerous in combination with Storage Access API, unless it's made ephemeral. But ephemeral storage doesn't have that much advantage over local variables in JavaScript.
I forgot to say that __k2 cookies would always be partitioned,
Partitioned cookies can always be simulated via postMessage, sending a first-party cookie value or other origin-specific data point to embedded contexts. If partitioned cookies are dangerous then so is postMessage and third-party script running in top level context. The problem with it is it's slow, error prone, and opaque. k2 cookies avoid that because they can be immediately detected, they need a user prompt etc. They also avoid the postMessage and extra turnaround but are more transparent and privacy preserving.
Partitioned cookies persist past the point of any frame to the site being opened and perhaps past browser quit (if not ephemeral). Third-party script running in top level context is indeed dangerous.
Forward-duping to #75.
One way to allow partitioned storage for cookies would be to allow embedded contexts to request the placement of double-keyed (i.e. top-level-origin partitioned) cookies using a name prefix.
A third-party cookie with the name prefix (say) `__k2_` (k2 means double keyed) would be partitioned and only visible in the context of the top-level parent origin. Other attempts to place 3rd party cookies without storage access would be blocked as per the Safari proposal.
This would be a very useful feature as it allows the storage of immediately available (to embedded contexts) user status such as site-specific consent, avoiding the need for another round-trip or continuous complex cross-domain postMessage handling. It could enable other privacy preserving techniques such as consent based targeted advertising.
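As an added illustration, not code from the issue or from WebKit, here is a toy cookie-jar model of the rule proposed above: the `__k2_` prefix is the one named in the issue, while the context shape (`topLevel`, `origin`, `hasStorageAccess`) and the jar API are assumptions made for the sketch.

```javascript
// Added example: a toy model of the proposed double-keyed "__k2_" cookie rule.
// The prefix comes from the issue; the context object and jar API are assumed.
const K2_PREFIX = "__k2_";

class CookieJar {
  constructor() {
    this.store = new Map(); // partitionKey -> Map(name -> value)
  }

  // First-party cookies are keyed by their own origin; __k2_ cookies are keyed by
  // (top-level origin, embedded origin), which is what "double keyed" means here.
  static partitionKey(ctx, name) {
    if (name.startsWith(K2_PREFIX)) return `${ctx.topLevel}|${ctx.origin}`;
    return ctx.origin;
  }

  static isThirdParty(ctx) { return ctx.origin !== ctx.topLevel; }

  // A third-party context without storage access may only set/read __k2_ cookies;
  // every other third-party cookie is blocked, as the issue describes.
  allowed(ctx, name) {
    return !CookieJar.isThirdParty(ctx) || name.startsWith(K2_PREFIX) || !!ctx.hasStorageAccess;
  }

  set(ctx, name, value) {              // returns false when the write is blocked
    if (!this.allowed(ctx, name)) return false;
    const key = CookieJar.partitionKey(ctx, name);
    if (!this.store.has(key)) this.store.set(key, new Map());
    this.store.get(key).set(name, value);
    return true;
  }

  get(ctx, name) {                     // undefined when blocked or not in this partition
    if (!this.allowed(ctx, name)) return undefined;
    return this.store.get(CookieJar.partitionKey(ctx, name))?.get(name);
  }
}

// Constructed contexts: a consent-management frame (cmp.example) embedded on two sites.
function demo() {
  const jar = new CookieJar();
  const onNews = { topLevel: "https://news.example", origin: "https://cmp.example" };
  const onShop = { topLevel: "https://shop.example", origin: "https://cmp.example" };
  const asTopLevel = { topLevel: "https://cmp.example", origin: "https://cmp.example" };
  return {
    plainThirdPartyBlocked: jar.set(onNews, "session", "abc"),   // false: blocked
    k2Stored: jar.set(onNews, "__k2_consent", "granted"),        // true
    sameTopLevel: jar.get(onNews, "__k2_consent"),               // "granted"
    otherTopLevel: jar.get(onShop, "__k2_consent"),              // undefined
    firstPartyView: jar.get(asTopLevel, "__k2_consent"),         // undefined
  };
}
```

The last two results show the partitioning: the same embedded origin sees nothing on a different top-level site, and not even when it is itself the top-level page.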