LGTM2 On Wed, Feb 19, 2025 at 8:28 AM Alex Russell <slightly...@chromium.org> wrote:
> LGTM1; thanks for making sure to follow up on the spec PRs. > > On Thursday, February 13, 2025 at 6:44:27 AM UTC-8 joha...@google.com > wrote: > >> > The spec PR for this is still marked as a draft, and as such hasn't >> received significant editor review. Can you say more about what's blocking >> it from being ready? >> >> As alluded to by Anne in the PR >> <https://github.com/whatwg/html/pull/10915#issuecomment-2595870637>, >> this is yet another feature dependent on cookie layering work to complete. >> The good news is that there's significant progress on that front, with both >> a new cookies spec draft >> <https://github.com/johannhof/draft-annevk-johannhof-httpbis-cookies> >> and HTML / Fetch <https://github.com/whatwg/fetch/pull/1807> PRs being >> worked on by a group of contributors from Chromium, WebKit and Firefox. Our >> hope is to have the majority of layering work completed this year, which is >> great given the complexity of the work but IMO a bit too long to block >> features like this one from progressing. >> >> I think I can speak for Anusha and Dylan when I say that we're ready to >> bear the cost of potential changes for interop, also because we think that >> is unlikely given our positive conversations with other browser vendors. >> >> On Thu, Feb 13, 2025 at 4:08 AM Rupert Wiser <bew...@chromium.org> wrote: >> >>> Can you confirm this was tested in WebView specifically? WebView applies >>> 3PC settings a little differently from other content embedders and I >>> suspect you might need additional plumbing for the js cookies, >>> >>> On Thursday, February 13, 2025 at 4:52:16 AM UTC Domenic Denicola wrote: >>> >>>> The spec PR for this is still marked as a draft, and as such hasn't >>>> received significant editor review. Can you say more about what's blocking >>>> it from being ready? >>>> >>>> On Thursday, February 13, 2025 at 2:04:55 AM UTC+9 anush...@google.com >>>> wrote: >>>> >>>> >>>> Hey, sorry about that just went ahead and started all of the relevant >>>> ones! >>>> On Wednesday, February 12, 2025 at 11:21:21 AM UTC-5 >>>> vmp...@chromium.org wrote: >>>> >>>> Hey, >>>> >>>> Do you mind starting all of the relevant reviews for this as well? >>>> [image: chipsna.png] >>>> >>>> Thanks, >>>> Vlad >>>> >>>> On Wed, Feb 12, 2025 at 9:09 AM 'Anusha Muley' via blink-dev < >>>> blin...@chromium.org> wrote: >>>> >>>> Contact emails >>>> >>>> anush...@chromium.org, dylan...@chromium.org >>>> >>>> >>>> Explainer >>>> >>>> https://github.com/explainers-by-googlers/csp-sandbox-allow- >>>> same-site-none-cookies >>>> >>>> Specification >>>> >>>> HTML Spec https://github.com/whatwg/html/pull/10915 >>>> >>>> Summary >>>> >>>> Enable a frame to signal the browser to include SameSite=None cookies >>>> in first-party requests from sandboxed frames when third-party cookie (3PC) >>>> restrictions are active using the allow-same-site-none-cookies value. >>>> >>>> Blink component >>>> >>>> Chromium > Blink > SecurityFeature > ContentSecurityPolicy >>>> Search tags >>>> >>>> allow-same-site-none-cookies >>>> >>>> TAG review >>>> >>>> https://github.com/w3ctag/design-reviews/issues/1004 >>>> TAG review status >>>> >>>> Early Design Review Satisfied >>>> >>>> Chromium Trial Name >>>> >>>> N/A- No OT >>>> >>>> Origin Trial documentation link >>>> >>>> N/A- No OT >>>> >>>> Risks >>>> >>>> Interoperability and Compatibility >>>> >>>> Gecko: Positive >>>> <https://github.com/mozilla/standards-positions/issues/1165> >>>> >>>> WebKit: No signal >>>> <https://github.com/WebKit/standards-positions/issues/450> (we >>>> discussed this with them and got tentatively positive feedback) >>>> >>>> Web developers: Positive (see public feedback >>>> <https://issues.chromium.org/issues/41486025#comment15>, we also >>>> received a private signal of developer demand) >>>> >>>> Other signals: >>>> >>>> WebView application risks >>>> >>>> Does this intent deprecate or change behavior of existing APIs, such >>>> that it has potentially high risk for Android WebView-based applications? >>>> >>>> No >>>> >>>> >>>> Debuggability >>>> >>>> Feature use visible in the experimental Chrome DevTools Protocol >>>> Monitor >>>> <https://developer.chrome.com/blog/new-in-devtools-92/#protocol-monitor>, >>>> Cookies (and the reasons why they are included/excluded) are generally >>>> debuggable via the Network panel. >>>> >>>> >>>> Will this feature be supported on all six Blink platforms (Windows, >>>> Mac, Linux, ChromeOS, Android, and Android WebView)? >>>> >>>> Yes >>>> >>>> >>>> Is this feature fully tested by web-platform-tests >>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>> ? >>>> >>>> Yes, https://wpt.fyi/results/cookies/samesite/sandbox- >>>> allow-same-site-none-cookies-value.tentative.https.html >>>> >>>> Flag name on chrome://flags >>>> >>>> N/A >>>> >>>> Finch feature name >>>> >>>> “AllowSameSiteNoneCookiesInSandbox” >>>> >>>> Requires code in //chrome? >>>> >>>> False >>>> >>>> Tracking bug >>>> >>>> https://g-issues.chromium.org/u/0/issues/372894175 >>>> >>>> Measurement >>>> >>>> UMA histogram value to measure the usage of the new >>>> ThirdPartyCookieAllowMechanism >>>> >>>> UKM log usage and aggregate by urls that are using the value >>>> >>>> Sample links >>>> >>>> https://sandbox-allow-same-site-none-cookies-demo.glitch.me/ >>>> >>>> Estimated milestones >>>> >>>> 135 >>>> >>>> Anticipated spec changes >>>> >>>> None >>>> >>>> Link to entry on the Chrome Platform Status >>>> >>>> https://chromestatus.com/feature/5090336588955648 >>>> >>>> *Links to previous Intent discussions *Intent to Prototype: Allow >>>> SameSite=None Cookies in First-Party Sandboxed Contexts >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/f89dec9c-ba10-4c4a-b208-7804ab5d32d7n%40chromium.org> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+...@chromium.org. >>>> >>>> >>>> To view this discussion visit https://groups.google.com/a/ >>>> chromium.org/d/msgid/blink-dev/d0ddbd19-fd21-483f-8a10- >>>> 6c1e8f1b5177n%40chromium.org >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d0ddbd19-fd21-483f-8a10-6c1e8f1b5177n%40chromium.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/ae298e38-ee2a-48f0-a6be-f95c3fdbddf3n%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/ae298e38-ee2a-48f0-a6be-f95c3fdbddf3n%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw-_HyvGtR0cJMA_3SiFYZD-KEODEqeMWaHZ8x79v6MMbA%40mail.gmail.com.
