-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can Third-party deprecation trail token be valid across multiple sites or needs separate for each site #361
Comments
This linked DT is for "Third-Party Embeds and Services", so the 3P origin is the one that must apply and deploy tokens. It will provide 3P cookies to the 3P origin across multiple 1Ps (B,C,D in your example). You can read more about this DT here: |
Thank you @wanderview. Just to confirm, same behavior(and third party deprecation) applies on mobile android and webview too. right? |
On Chrome for Android, yes. WebView has not announced any plans to remove 3P cookies (and technically, they're disabled by default - and have to be re-enabled w/ https://developer.android.com/reference/android/webkit/CookieManager#setAcceptThirdPartyCookies(android.webkit.WebView,%20boolean)) |
@miketaylr / @wanderview Will grace period/origin trail take care of scenario like this or do we need to update the code/implementation for recaptcha even if I am part of exemption/origin trail? |
Correct link: #328 @kumarrishav can you restate your question? I don't follow. |
I understand the origin trail / exemption will give us some time to do the upgrade and change. But let's say i am also using service like recaptcha.net as third party integration along with existing one. That will be impacted by third party cookie change as well. right? the above origin trail won't help with recaptcha.net. Correct? |
I think you're looking for https://developers.google.com/privacy-sandbox/blog/3pcd-first-party-deprecation-trial-available - but @wanderview can verify. |
Ah. So, if Site B (my site) is embeded in Site A (merchant) and Site B comes with recaptcha.net integration. Then I will need third party deprecation trail for B and add the token and for recaptcha.net , Site B will create first party token for recaptcha.net and add that token. Hence, two origin-trail token header (if i am using header) need to be added in Site B. And a site can have multiple origin-trail token header and all will be honored (if valid) |
As a 3P embed you can only apply for the deprecation trial for your own origin. You cannot request tokens for other origins, like recaptcha. In regards to recaptcha support, please see this comment from that team: Edit: Better status link for recaptcha: https://github.com/privacysandbox/privacy-sandbox-dev-support/blob/main/3pcd-readiness.md#anti-fraud-and-anti-abuse |
That's great. So, At the moment we are not blocked by recaptcha. Thanks for the update. But let's assume: if we are blocked - then adding first party deprecation trail token on my own origin should take care of recaptcha (or any similar usecase). Right? |
Adding a top-level DT token to your 1P site can address breakage in one or more 3Ps embedded on that site, yes. |
Another question: Is Chrome app in ios also impacted by this third-party deprecation? |
I believe third-party cookies are already blocked by default in Chrome on ios. The deprecation trial will have no effect in ios. |
@wanderview understood. But what about partitioned attribute? is this attribute valid in chrome for ios? |
Hey @kumarrishav, the Partitioned attribute is not yet implemented on WebKit. You can track the status of the Partitioned attribute on WebKit in the standards position issue we have opened for the feature. |
Let's say, My
site A
that gets embedded across multiple sites B,C,D.so, if I am creating a token (https://developer.chrome.com/origintrials/#/view_trial/3315212275698106369) and adding in my site A, will it work across multiple sites B,C,D?
or is this token specific for the particular site (who is embedding site A)?
Basically, what's the web origin in the register form stands for ? (origin of the host site who is embedding Site A or site A origin where it's hosted)
The text was updated successfully, but these errors were encountered: