Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cross-site cookies standardization #16

Closed
annevk opened this issue Feb 18, 2022 · 10 comments
Closed

Cross-site cookies standardization #16

annevk opened this issue Feb 18, 2022 · 10 comments

Comments

@annevk
Copy link

annevk commented Feb 18, 2022
edited
Loading

As discussed in the last call it would be good to sort out our collective story around cookies. Tentative agenda for a dedicated meeting:

  1. Are the usual cross-site cookies "blocked" or "partitioned"?
  2. Do we need opt-in partitioned cookies? And if so, through CHIPS or requestStorageAccess(), or something else?
  3. How do we organize standardization?
  4. Interaction of cross-site cookies and SameSite=None.
  5. Ephemeral partitioned third-party storage (including cookies) by Brave: Top-Frame lifetime, partitioned storage for embedded frames proposals#18.
@krgovind
Copy link
Contributor

Speaking on behalf of Chrome, we'd be interested in this discussion.

@hober
Copy link
Member

hober commented Feb 28, 2022

How about the 5th Thursday of March (March 31st), in our usual telcon time slot? @annevk

@annevk
Copy link
Author

annevk commented Mar 1, 2022

Works for me!

@bc-pi
Copy link

bc-pi commented Mar 3, 2022

Will March 31st be put on the calendar? https://www.w3.org/groups/cg/privacycg/calendar

@krgovind
Copy link
Contributor

krgovind commented Mar 3, 2022

@annevk - If we have room on the agenda, would you be open to also discussing on the interaction of cross-site cookies and SameSite=None? I think the behavior of the "Block third-party cookies" setting varies subtly across browsers, so it would be great to understand how they vary and whether it's possible to align.

@annevk
Copy link
Author

annevk commented Mar 4, 2022

@krgovind sounds good, added that to OP.

@TanviHacks TanviHacks mentioned this issue Mar 14, 2022
Open
@TanviHacks TanviHacks mentioned this issue Mar 21, 2022
Open
@wseltzer wseltzer mentioned this issue Mar 29, 2022
Open
@TanviHacks
Copy link
Member

Due to some unforeseen schedule conflicts, we need to postpone this. We are planning to use our regular Thursday, April 14th teleconference for this ad hoc. Sorry about the last minute change!

@samuelweiler
Copy link

This has been rescheduled for 14 April 2022.

@erik-anderson
Copy link
Member

This has again been rescheduled. We'll now discuss this during our April 28th call.

This was referenced Apr 29, 2022
Open
Open
annevk added a commit to privacycg/storage-partitioning that referenced this issue Apr 29, 2022
@annevk
Decorate the Cookies section
4349567 
This is roughly where things stand today after having discussed 1-3 of privacycg/meetings#16.
@annevk annevk mentioned this issue Apr 29, 2022
Merged
@annevk
Copy link
Author

annevk commented May 3, 2022
edited
Loading

The minutes are now live at https://github.com/privacycg/meetings/blob/main/2022/telcons/04-28-minutes.md thanks to @hober. A follow-up meeting has been proposed in #19. I also followed up with the IETF in httpwg/http-extensions#2084 and privacycg/storage-partitioning#30 updates our Storage Partitioning document with relevant pointers. With that I'm closing this issue.

Thanks everyone for participating and also to the chairs for taking care of most things, including rescheduling this more than once!

@annevk annevk closed this as completed May 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@hober @annevk @TanviHacks @erik-anderson @samuelweiler @krgovind @bc-pi