@Maud Nalpas <ma...@google.com> is taking over the DevRel work.

On Sat, May 27, 2023 at 12:21 AM Rick Byers <rby...@chromium.org> wrote:

> Thanks for the update Daniel. Still LGTM. Good luck!
>
> On Fri, May 26, 2023 at 10:25 AM Daniel Vogelheim <vogelh...@google.com>
> wrote:
>
>> Hello all, it's been a while... The bug reports should now be resolved,
>> and we'd like to have another go at this in the M115 milestone. That is:
>> Remain at 50% on beta; starting with 115 ramp up on stable to 1% / 10% /
>> 50% / 100%, every 14d. Let's hope it sticks this time.
>>
>> Daniel
>>
>> On Fri, Mar 31, 2023 at 3:54 PM Daniel Vogelheim <vogelh...@google.com>
>> wrote:
>>
>>> Hello all, I'm afraid I have to delay this a bit more. :(
>>>
>>> We have a bug report (tracked in crbug.com/1429587) that breaks
>>> existing apps. The important thing here is that it does not break
>>> document.domain setting and subsequent cross-origin access, but that
>>> instead -- if the conditions are just right; or arguably just wrong -- the
>>> app can get into a state where same-origin accesses are mistakenly blocked.
>>> Apparently an app can get into a state where frames within the same page
>>> are inconsistently assigned to agent clusters (i.e., frames in the same
>>> origin end up in different processes), and thus subsequent accesses within
>>> that origin may fail.
>>>
>>> My plan right now is to leave this on at 50% beta, but to not proceed to
>>> any stable releases at any percentage. I'll update this thread when I have
>>> a better handle on the bug and can suggest a good way to proceed.
>>>
>>> On Fri, Jan 20, 2023 at 5:12 PM Eiji Kitamura <agek...@google.com>
>>> wrote:
>>>
>>>> FYI, the enterprise bit has been added to the article.
>>>> https://developer.chrome.com/blog/immutable-document-domain/
>>>>
>>>> On Tue, Jan 17, 2023 at 1:21 AM Brandon Heenan <bhee...@google.com>
>>>> wrote:
>>>>
>>>>> We'll make the update in the enterprise release notes too. Thanks for
>>>>> keeping us in the loop.
>>>>>
>>>>> On Mon, Jan 16, 2023 at 9:46 AM Rick Byers <rby...@chromium.org>
>>>>> wrote:
>>>>>
>>>>>> Thanks so much Eiji!
>>>>>>
>>>>>> On Mon, Jan 16, 2023 at 3:06 AM Eiji Kitamura <agek...@google.com>
>>>>>> wrote:
>>>>>>
>>>>>>> I've updated the blog post
>>>>>>> <https://developer.chrome.com/blog/immutable-document-domain/> stating
>>>>>>> Chrome 111 is where we ship the feature, but looks like it's rolling out
>>>>>>> through 111 and 112?
>>>>>>> I'll update the blog post to mention
>>>>>>> `OriginAgentClusterDefaultEnabled` enterprise policy.
>>>>>>>
>>>>>>>
>>>>>>> On Sat, Jan 14, 2023 at 1:37 AM Rick Byers <rby...@chromium.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Thanks for the update Daniel, good luck!
>>>>>>>>
>>>>>>>> In case others, like me, have missed or forgotten the long history
>>>>>>>> of this difficult deprecation and what it means for web developers,
>>>>>>>> this blog post is a good summary
>>>>>>>> <https://developer.chrome.com/blog/immutable-document-domain/>.
>>>>>>>> One critical thing it doesn't mention, but probably should, is that
>>>>>>>> the OriginAgentClusterDefaultEnabled enterprise policy
>>>>>>>> <https://chromeenterprise.google/policies/#OriginAgentClusterDefaultEnabled>
>>>>>>>> can also be used to revert the default on managed devices (though it
>>>>>>>> looks like the launching milestone needs to be updated there too).
>>>>>>>>
>>>>>>>> Rick
>>>>>>>>
>>>>>>>> On Fri, Jan 13, 2023 at 9:53 AM 'Daniel Vogelheim' via blink-dev <
>>>>>>>> blink-dev@chromium.org> wrote:
>>>>>>>>
>>>>>>>>> Hello all,
>>>>>>>>>
>>>>>>>>> We've now handled the bugs we've discovered, and I would like to
>>>>>>>>> make another attempt at launching. I'll follow the plan that was
>>>>>>>>> approved here, but two milestones later: Launch to 50% beta in M111
>>>>>>>>> (or late M110, if I can still catch a bit of that release cycle),
>>>>>>>>> and then ramp on stable once M112 is out.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Dec 14, 2022 at 6:36 PM Daniel Vogelheim <
>>>>>>>>> vogelh...@google.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hello all,
>>>>>>>>>>
>>>>>>>>>> An update: Unfortunately we have discovered a bug with this
>>>>>>>>>> feature, just as I was getting ready to enable it. The bug also
>>>>>>>>>> affects pages that have not even set document.domain. Since I have
>>>>>>>>>> now missed a substantial portion of the 109 beta cycle I'd like to
>>>>>>>>>> delay the roll out once more, and shift it by one milestone (or two;
>>>>>>>>>> depending on when everything is fixed).
>>>>>>>>>>
>>>>>>>>>> On the positive side: Recently the last of the previously
>>>>>>>>>> identified big document.domain users, that together accounted for
>>>>>>>>>> about 50% of remaining usage, has dropped their usage. So current
>>>>>>>>>> usage is lower than previously reported. See the usage dip around
>>>>>>>>>> late November at deprecate.it (1st graph).
>>>>>>>>>>
>>>>>>>>>> On Thu, Nov 10, 2022 at 5:42 PM Mike Taylor <
>>>>>>>>>> miketa...@chromium.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> LGTM3
>>>>>>>>>>>
>>>>>>>>>>> On 11/10/22 11:18 AM, Chris Harrelson wrote:
>>>>>>>>>>>
>>>>>>>>>>> LGTM2
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Nov 10, 2022, 4:19 AM Yoav Weiss <yoavwe...@chromium.org>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> LGTM1 to roll this out to 50% of Beta/Dev/Canary for either
>>>>>>>>>>>> M108 or M109, and carefully roll this out for M110, once it hits
>>>>>>>>>>>> stable.
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Nov 9, 2022 at 7:05 PM Daniel Vogelheim <
>>>>>>>>>>>> vogelh...@google.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, Nov 9, 2022 at 6:10 PM Mike Taylor <
>>>>>>>>>>>>> miketa...@chromium.org> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 10/27/22 11:49 PM, 'Daniel Vogelheim' via blink-dev wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hello all,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The approval for the Intent To Ship for Origin Isolation By
>>>>>>>>>>>>>> Default / Deprecate document.domain
>>>>>>>>>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/_oRc19PjpFo/>
>>>>>>>>>>>>>> asks for a separate intent for the actual default change
>>>>>>>>>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/_oRc19PjpFo/m/Ybgtf3JfAQAJ>.
>>>>>>>>>>>>>> This is that separate intent.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> A summary of what happened so far:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> - Shipping Origin Isolation by Default (and thereby
>>>>>>>>>>>>>> deprecating document.domain) has security benefits, but
>>>>>>>>>>>>>> compatibility risk.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> - We added warnings to the developer console and issues
>>>>>>>>>>>>>> panel, published a blog post, and engaged in direct outreach.
>>>>>>>>>>>>>> This has resulted in substantial, measurable reduction of usage.
>>>>>>>>>>>>>> Some sites keep using document.domain, but have mitigated the
>>>>>>>>>>>>>> deprecation with other means. This makes the risk difficult to
>>>>>>>>>>>>>> measure.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> - Sampling of sites with document.domain usage and manual
>>>>>>>>>>>>>> inspection yields a potential breakage estimate at ~0.015% of
>>>>>>>>>>>>>> page views.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> What we're asking for here is:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> - Enable the feature at 50% for beta (+ dev + canary) during
>>>>>>>>>>>>>> M109, as a "last call" for web site authors.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This sounds like a good idea. Is there any reason we couldn't
>>>>>>>>>>>>>> go to 50% in M108 as well (or are you trying to avoid breakage
>>>>>>>>>>>>>> over the winter holidays)?
>>>>>>>>>>>>>>
>>>>>>>>>>>>> No reason. I'd be happy to go to beta as soon as I receive the
>>>>>>>>>>>>> lgtms. I had conservatively budgeted that to be 109. :-)
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Another question: do we have enterprise policies available
>>>>>>>>>>>>>> for this change?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Yes; the policy is here: OriginAgentClusterDefaultEnabled
>>>>>>>>>>>>> <https://source.chromium.org/chromium/chromium/src/+/main:components/policy/resources/templates/policy_definitions/Miscellaneous/OriginAgentClusterDefaultEnabled.yaml>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>> - Launch on stable on M110. (~ Feb '23, so >12 weeks out from
>>>>>>>>>>>>>> today)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ------------------------
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Contact emails: v...@chromium.org, vogelh...@chromium.org
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Specification:
>>>>>>>>>>>>>> Explainer: https://github.com/mikewest/deprecating-document-domain
>>>>>>>>>>>>>> HTML Spec draft: https://github.com/whatwg/html/compare/main...otherdaniel:dd
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> API spec: Yes
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Summary
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This is a follow-on to the Intent to Ship: Origin Isolation
>>>>>>>>>>>>>> By Default / Deprecate document.domain
>>>>>>>>>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/_oRc19PjpFo/>.
>>>>>>>>>>>>>> We'd like to ship this in M110, stable.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Summary (of the underlying change)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Change the default behavior of the Origin-Agent-Cluster:
>>>>>>>>>>>>>> header / document.domain settability.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Presently, pages within Chromium have site-keyed agent
>>>>>>>>>>>>>> clusters by default, unless the Origin-Agent-Cluster: header is
>>>>>>>>>>>>>> explicitly set to true. This accommodates pages or frames which
>>>>>>>>>>>>>> want to access each other's state, despite being on different
>>>>>>>>>>>>>> origins (but within a site). This is fine for any pages that wish
>>>>>>>>>>>>>> to do so, but because a page *might* set document.domain later on,
>>>>>>>>>>>>>> Chromium currently must use site-keyed agent clusters for *all*
>>>>>>>>>>>>>> pages by default even though the overwhelming majority of pages do
>>>>>>>>>>>>>> not ever make use of this (mis-)feature. In turn, this requires
>>>>>>>>>>>>>> Chromium to use sites as the basis for renderer process isolation
>>>>>>>>>>>>>> (via Site Isolation), which exposes origins to same-site but
>>>>>>>>>>>>>> cross-origin attacks involving compromised renderer processes or
>>>>>>>>>>>>>> the "Spectre" family of side-channel attacks.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This proposal changes the default behaviour of
>>>>>>>>>>>>>> Origin-Agent-Cluster. From a developer's point of view, the new
>>>>>>>>>>>>>> default matches "Origin-Agent-Cluster: ?1". The initial
>>>>>>>>>>>>>> implementation will use origin-keyed agent clusters for all
>>>>>>>>>>>>>> (non-opted out) origins, without changing how many processes
>>>>>>>>>>>>>> Chromium creates. Over time, we can then adapt Chromium's
>>>>>>>>>>>>>> isolation strategy towards origin-keyed processes without further
>>>>>>>>>>>>>> affecting web-visible behaviour.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The developer-visible aspect of this is that for pages with
>>>>>>>>>>>>>> origin-keyed agent clusters, document.domain is no longer
>>>>>>>>>>>>>> settable. Thus, we have marked this intent as a deprecation.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Note that this proposal is about the default. Both modes -
>>>>>>>>>>>>>> site-keyed or origin-keyed agent clusters - remain available to
>>>>>>>>>>>>>> any site, but origin-keyed agent clusters change from opt-in to
>>>>>>>>>>>>>> opt-out. The current behaviour remains available by setting
>>>>>>>>>>>>>> "Origin-Agent-Cluster: ?0".
>>>>>>>>>>>>>> Blink component: Blink>SecurityFeature
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> TAG review: https://github.com/w3ctag/design-reviews/issues/564
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Risks: Interoperability and Compatibility
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> There are compatibility risks, which we have reduced with
>>>>>>>>>>>>>> outreach and warnings, and we want to mitigate further by
>>>>>>>>>>>>>> launching at 50% of beta first. An extended discussion of the risk
>>>>>>>>>>>>>> (including attempts at quantitative assessment) can be found in
>>>>>>>>>>>>>> the original intent to ship
>>>>>>>>>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/_oRc19PjpFo/>.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Gecko: Standards position request
>>>>>>>>>>>>>> <https://github.com/mozilla/standards-positions/issues/601>.
>>>>>>>>>>>>>> ("Worth prototyping")
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> WebKit:
>>>>>>>>>>>>>> https://lists.webkit.org/pipermail/webkit-dev/2021-December/032067.html
>>>>>>>>>>>>>> (No signals.)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Web developers: No signals.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Activation - Deprecation plan
>>>>>>>>>>>>>> M109: Enable "Origin Agent Cluster by Default" for 50% of
>>>>>>>>>>>>>> page loads on beta, dev, and canary.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> M110: Enable "Origin Agent Cluster by Default" on stable.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Security: This change should be security-positive, since
>>>>>>>>>>>>>> setting document.domain will not have any impact on the origin
>>>>>>>>>>>>>> of the document any more.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Debuggability: A deprecation warning has been added to
>>>>>>>>>>>>>> DevTools console and to the issues panel in M98. This warning
>>>>>>>>>>>>>> will file a deprecation report as well using the Reporting API,
>>>>>>>>>>>>>> if so configured.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Will this feature be supported on all six Blink platforms
>>>>>>>>>>>>>> (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
>>>>>>>>>>>>>> Yes
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Is this feature fully tested by web-platform-tests
>>>>>>>>>>>>>> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>?
>>>>>>>>>>>>>> This is covered by Origin-keyed Agent Cluster tests
>>>>>>>>>>>>>> <https://wpt.live/html/browsers/origin/origin-keyed-agent-clusters/>.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Tracking bug: https://crbug.com/1139851
>>>>>>>>>>>>>> Launch bug: https://crbug.com/1246823
>>>>>>>>>>>>>> Link to entry on the Chrome Platform Status:
>>>>>>>>>>>>>> https://chromestatus.com/feature/5428079583297536
>>>>>>>>>>>>>> (document.domain setter deprecation)
>>>>>>>>>>>>>> https://chromestatus.com/features/5683766104162304
>>>>>>>>>>>>>> (Origin-keyed agent clusters)
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>>>>>> Google Groups "blink-dev" group.
>>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from
>>>>>>>>>>>>>> it, send an email to blink-dev+unsubscr...@chromium.org.
>>>>>>>>>>>>>> To view this discussion on the web visit
>>>>>>>>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPNEMgvrOehp5%2Bf48yQ62pY3xqXqATPNxWZ6aYQ%2BXeHHAg%40mail.gmail.com
>>>>>>>>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPNEMgvrOehp5%2Bf48yQ62pY3xqXqATPNxWZ6aYQ%2BXeHHAg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>>>>>>>>>>> .
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Eiji Kitamura / えーじ | Developer Advocate | @agektmr
>>>>>>> <https://twitter.com/agektmr> | Office Location: Tokyo Shibuya
>>>>>>>
>>>>>>
>>>>
>>>>
>>>

-- 
Eiji Kitamura / えーじ | Developer Advocate | @agektmr
<https://twitter.com/agektmr> | Office Location: Tokyo Shibuya
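
Added example (not part of the thread and not Chromium code): a simplified JavaScript model of the Origin-Agent-Cluster behaviour described in the quoted intent, used to flag pages whose document.domain assignments stop taking effect when the default flips from site-keyed to origin-keyed. The function names and sample pages are constructed for illustration, and header parsing is reduced to the structured-field boolean forms ?1 and ?0.

```javascript
// Simplified model of the keying decision; not Chromium's implementation.
// All names and the sample pages below are constructed for illustration.

// Parse Origin-Agent-Cluster as a structured-field boolean item.
// "?1" -> true, "?0" -> false; absent or non-boolean values
// (for example "true" or "false") are ignored and yield null.
function parseOriginAgentCluster(value) {
  if (typeof value !== "string") return null;
  const item = value.split(";")[0].trim(); // parameters after ';' are ignored
  if (item === "?1") return true;
  if (item === "?0") return false;
  return null;
}

// originKeyedByDefault: false models the behaviour before the change (or a
// managed device where OriginAgentClusterDefaultEnabled reverts the default),
// true models the new default.
function agentClusterKeying(headerValue, originKeyedByDefault) {
  const requested = parseOriginAgentCluster(headerValue);
  const originKeyed = requested === null ? originKeyedByDefault : requested;
  return {
    keying: originKeyed ? "origin" : "site",
    documentDomainSettable: !originKeyed,
  };
}

// Pages whose document.domain assignment worked under the old default and
// stops working under the new one. These need "Origin-Agent-Cluster: ?0"
// or a migration away from document.domain.
function findNewlyBroken(pages) {
  return pages
    .filter((p) => p.setsDocumentDomain)
    .filter((p) => agentClusterKeying(p.header, false).documentDomainSettable)
    .filter((p) => !agentClusterKeying(p.header, true).documentDomainSettable)
    .map((p) => p.url);
}

// Constructed audit input: the response header value seen for each page and
// whether the page's scripts assign document.domain.
const samplePages = [
  { url: "https://app.example.test/", header: undefined, setsDocumentDomain: true },
  { url: "https://legacy.example.test/", header: "?0", setsDocumentDomain: true },
  // Intended opt-out written with the wrong syntax: ignored, so still affected.
  { url: "https://typo.example.test/", header: "false", setsDocumentDomain: true },
  { url: "https://isolated.example.test/", header: "?1", setsDocumentDomain: true },
  { url: "https://static.example.test/", header: undefined, setsDocumentDomain: false },
];

console.log(findNewlyBroken(samplePages));
```
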
