Contact emails cfred...@chromium.org, johann...@chromium.org, shuu...@chromium.org
Explainer https://github.com/privacycg/storage-access/blob/main/README.md https://github.com/cfredric/chrome-storage-access-api/blob/main/README.md Specification https://privacycg.github.io/storage-access Summary The Storage Access API provides a means for authenticated cross-site embeds to check whether access to unpartitioned cookies is blocked and request access if it is blocked. This request may be surfaced to the user as a prompt, or auto-granted/auto-denied. Chrome will support the Storage Access API by implementing all the behaviors listed in the specification, i.e. with user prompts, and additionally having its own user-agent-specific behaviors. Chrome’s implementation is available for testing <https://github.com/cfredric/chrome-storage-access-api#testing-instructions> starting in Chrome 117. The Storage Access API is related to other cookie-focused projects like CHIPS <https://developer.chrome.com/en/docs/privacy-sandbox/chips/> and First-Party Sets <https://github.com/WICG/first-party-sets> as preparation for phasing out third-party cookies <https://developer.chrome.com/en/docs/privacy-sandbox/third-party-cookie-phase-out/> in Chrome. Note that Edge previously sent an I2I <https://groups.google.com/a/chromium.org/g/blink-dev/c/e5fu5Q06ntA/m/UUqPuA8hEQAJ> for the Storage Access API feature (with their own user-agent-specific behavior), and Chrome has previously sent an I2S <https://groups.google.com/a/chromium.org/g/blink-dev/c/V9PzoCvIIIs/m/CZ4JT7YaAgAJ> for support for the Storage Access API gated on First-Party Sets membership (without user prompts). This I2S is intended for support for the API across sites that are not within the same First-Party Set. Blink component Blink>StorageAccessAPI <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EStorageAccessAPI> TAG review https://github.com/w3ctag/design-reviews/issues/807 (review of overall API, not of prompts) TAG review status Positive <https://github.com/w3ctag/design-reviews/issues/807#issuecomment-1431464692> Risks Interoperability and Compatibility There is minor compatibility risk as Firefox and Safari already differ slightly in their user-agent-specific prompt requirements. Chrome's planned behavior <https://github.com/cfredric/chrome-storage-access-api> is closest to Safari's current behavior, and we aim to standardize as much of this user-agent-specific behavior as possible over time. Gecko: Shipping WebKit: Shipping Web developers: There has been great developer interest in the Storage Access API, given that it provides the only predictable way of working with cross-site cookies in many browsers. Various developers have chimed in on https://github.com/whatwg/html/issues/3338 and filed issues on https://github.com/privacycg/storage-access. Other signals: Edge has shipped Blink's previous implementations of this API, which differ from Chrome's plans. We have kept (and intend to continue keeping) Edge engineers in the loop about these changes and there will be feature flags to control Blink's behavior. WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? No. Debuggability None Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? No. It will be supported on all Blink platforms except Android WebView initially. We may add WebView support in the future. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ? No. Browser UI is not testable by WPTs, since that is UA-specific. (The Storage Access API spec itself is tested by WPTs <https://wpt.fyi/results/storage-access-api>.) Flag name on chrome://flags #storage-access-api, #permission-storage-access-api Finch feature name StorageAccessAPI, PermissionStorageAccessAPI Non-finch justification None Requires code in //chrome? True Estimated milestones Shipping on desktop: 117 Shipping on Android: 120 Anticipated spec changes Some minor changes are expected in order to properly take user settings into account: https://github.com/privacycg/storage-access/pull/174 and an analogous change for document.requestStorageAccess. There is ongoing discussion <https://github.com/privacycg/storage-access/issues/102> on how to offer access to unpartitioned DOM storage via this API. The spec has been in incubation being co-developed by all three browser engines for a while and is close to graduation as tracked here: https://github.com/whatwg/html/issues/9000. Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5085655327047680 Links to previous Intent discussions Intent to prototype: Intent to Prototype: Storage Access API with Prompts <https://groups.google.com/a/chromium.org/g/blink-dev/c/zt-nqGpURNY/m/FF6ciM6qAwAJ> This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5e44f071-97ba-41e0-a0cd-7bd3a210d6bdn%40chromium.org.
