On 8/2/23 4:47 PM, Chris Fredrickson wrote:
Contact emails
cfred...@chromium.org, johann...@chromium.org, shuu...@chromium.org
Explainer
https://github.com/privacycg/storage-access/blob/main/README.md
<https://github.com/privacycg/storage-access/blob/main/README.md>
https://github.com/cfredric/chrome-storage-access-api/blob/main/README.md
<https://github.com/cfredric/chrome-storage-access-api/blob/main/README.md>
Specification
https://privacycg.github.io/storage-access
<https://privacycg.github.io/storage-access>
Summary
The Storage Access API provides a means for authenticated cross-site
embeds to check whether access to unpartitioned cookies is blocked and
request access if it is blocked. This request may be surfaced to the
user as a prompt, or auto-granted/auto-denied. Chrome will support the
Storage Access API by implementing all the behaviors listed in the
specification, i.e. with user prompts, and additionally having its own
user-agent-specific behaviors. Chrome’s implementation is available
for testing
<https://github.com/cfredric/chrome-storage-access-api#testing-instructions>starting
in Chrome 117.
The Storage Access API is related to other cookie-focused projects
like CHIPS
<https://developer.chrome.com/en/docs/privacy-sandbox/chips/>and
First-Party Sets <https://github.com/WICG/first-party-sets>as
preparation for phasing out third-party cookies
<https://developer.chrome.com/en/docs/privacy-sandbox/third-party-cookie-phase-out/>in
Chrome.
Note that Edge previously sent an I2I
<https://groups.google.com/a/chromium.org/g/blink-dev/c/e5fu5Q06ntA/m/UUqPuA8hEQAJ>for
the Storage Access API feature (with their own user-agent-specific
behavior), and Chrome has previously sent an I2S
<https://groups.google.com/a/chromium.org/g/blink-dev/c/V9PzoCvIIIs/m/CZ4JT7YaAgAJ>for
support for the Storage Access API gated on First-Party Sets
membership (without user prompts). This I2S is intended for support
for the API across sites that are not within the same First-Party Set.
Blink component
Blink>StorageAccessAPI
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EStorageAccessAPI>
TAG review
https://github.com/w3ctag/design-reviews/issues/807
<https://github.com/w3ctag/design-reviews/issues/807>(review of
overall API, not of prompts)
TAG review status
Positive
<https://github.com/w3ctag/design-reviews/issues/807#issuecomment-1431464692>
Risks
Interoperability and Compatibility
There is minor compatibility risk as Firefox and Safari already differ
slightly in their user-agent-specific prompt requirements. Chrome's
planned behavior
<https://github.com/cfredric/chrome-storage-access-api>is closest to
Safari's current behavior, and we aim to standardize as much of this
user-agent-specific behavior as possible over time.
Could you elaborate on the differences for prompt requirements, and how
that might lead to compat issues?
Gecko: Shipping
WebKit: Shipping
Web developers: There has been great developer interest in the Storage
Access API, given that it provides the only predictable way of working
with cross-site cookies in many browsers. Various developers have
chimed in onhttps://github.com/whatwg/html/issues/3338
<https://github.com/whatwg/html/issues/3338>and filed issues
onhttps://github.com/privacycg/storage-access
<https://github.com/privacycg/storage-access>.
Other signals: Edge has shipped Blink's previous implementations of
this API, which differ from Chrome's plans. We have kept (and intend
to continue keeping) Edge engineers in the loop about these changes
and there will be feature flags to control Blink's behavior.
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such
that it has potentially high risk for Android WebView-based
applications? No.
Debuggability
None
Will this feature be supported on all six Blink platforms (Windows,
Mac, Linux, Chrome OS, Android, and Android WebView)?
No. It will be supported on all Blink platforms except Android WebView
initially. We may add WebView support in the future.
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
No. Browser UI is not testable by WPTs, since that is UA-specific.
(The Storage Access API spec itself is tested by WPTs
<https://wpt.fyi/results/storage-access-api>.)
Flag name on chrome://flags
#storage-access-api, #permission-storage-access-api
Finch feature name
StorageAccessAPI, PermissionStorageAccessAPI
Non-finch justification
None
Requires code in //chrome?
True
Estimated milestones
Shipping on desktop: 117
Shipping on Android: 120
Anticipated spec changes
Some minor changes are expected in order to properly take user
settings into account:
https://github.com/privacycg/storage-access/pull/174
<https://github.com/privacycg/storage-access/pull/174>and an analogous
change for document.requestStorageAccess.
There is ongoing discussion
<https://github.com/privacycg/storage-access/issues/102>on how to
offer access to unpartitioned DOM storage via this API.
The spec has been in incubation being co-developed by all three
browser engines for a while and is close to graduation as tracked
here: https://github.com/whatwg/html/issues/9000
<https://github.com/whatwg/html/issues/9000>.
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5085655327047680
<https://chromestatus.com/feature/5085655327047680>
Links to previous Intent discussions
Intent to prototype: Intent to Prototype: Storage Access API with
Prompts
<https://groups.google.com/a/chromium.org/g/blink-dev/c/zt-nqGpURNY/m/FF6ciM6qAwAJ>
This intent message was generated by Chrome Platform Status
<https://chromestatus.com/>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5e44f071-97ba-41e0-a0cd-7bd3a210d6bdn%40chromium.org
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5e44f071-97ba-41e0-a0cd-7bd3a210d6bdn%40chromium.org?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1b162ba1-5724-068a-ad62-ce9829200324%40chromium.org.
