LGTM1; thanks for making sure to follow up on the spec PRs. On Thursday, February 13, 2025 at 6:44:27 AM UTC-8 joha...@google.com wrote:
> > The spec PR for this is still marked as a draft, and as such hasn't > received significant editor review. Can you say more about what's blocking > it from being ready? > > As alluded to by Anne in the PR > <https://github.com/whatwg/html/pull/10915#issuecomment-2595870637>, this > is yet another feature dependent on cookie layering work to complete. The > good news is that there's significant progress on that front, with both a new > cookies spec draft > <https://github.com/johannhof/draft-annevk-johannhof-httpbis-cookies> and > HTML / Fetch <https://github.com/whatwg/fetch/pull/1807> PRs being worked > on by a group of contributors from Chromium, WebKit and Firefox. Our hope > is to have the majority of layering work completed this year, which is > great given the complexity of the work but IMO a bit too long to block > features like this one from progressing. > > I think I can speak for Anusha and Dylan when I say that we're ready to > bear the cost of potential changes for interop, also because we think that > is unlikely given our positive conversations with other browser vendors. > > On Thu, Feb 13, 2025 at 4:08 AM Rupert Wiser <bew...@chromium.org> wrote: > >> Can you confirm this was tested in WebView specifically? WebView applies >> 3PC settings a little differently from other content embedders and I >> suspect you might need additional plumbing for the js cookies, >> >> On Thursday, February 13, 2025 at 4:52:16 AM UTC Domenic Denicola wrote: >> >>> The spec PR for this is still marked as a draft, and as such hasn't >>> received significant editor review. Can you say more about what's blocking >>> it from being ready? >>> >>> On Thursday, February 13, 2025 at 2:04:55 AM UTC+9 anush...@google.com >>> wrote: >>> >>> >>> Hey, sorry about that just went ahead and started all of the relevant >>> ones! >>> On Wednesday, February 12, 2025 at 11:21:21 AM UTC-5 vmp...@chromium.org >>> wrote: >>> >>> Hey, >>> >>> Do you mind starting all of the relevant reviews for this as well? >>> [image: chipsna.png] >>> >>> Thanks, >>> Vlad >>> >>> On Wed, Feb 12, 2025 at 9:09 AM 'Anusha Muley' via blink-dev < >>> blin...@chromium.org> wrote: >>> >>> Contact emails >>> >>> anush...@chromium.org, dylan...@chromium.org >>> >>> >>> Explainer >>> >>> https://github.com/explainers-by-googlers/csp-sandbox-allow- >>> same-site-none-cookies >>> >>> Specification >>> >>> HTML Spec https://github.com/whatwg/html/pull/10915 >>> >>> Summary >>> >>> Enable a frame to signal the browser to include SameSite=None cookies >>> in first-party requests from sandboxed frames when third-party cookie (3PC) >>> restrictions are active using the allow-same-site-none-cookies value. >>> >>> Blink component >>> >>> Chromium > Blink > SecurityFeature > ContentSecurityPolicy >>> Search tags >>> >>> allow-same-site-none-cookies >>> >>> TAG review >>> >>> https://github.com/w3ctag/design-reviews/issues/1004 >>> TAG review status >>> >>> Early Design Review Satisfied >>> >>> Chromium Trial Name >>> >>> N/A- No OT >>> >>> Origin Trial documentation link >>> >>> N/A- No OT >>> >>> Risks >>> >>> Interoperability and Compatibility >>> >>> Gecko: Positive >>> <https://github.com/mozilla/standards-positions/issues/1165> >>> >>> WebKit: No signal >>> <https://github.com/WebKit/standards-positions/issues/450> (we >>> discussed this with them and got tentatively positive feedback) >>> >>> Web developers: Positive (see public feedback >>> <https://issues.chromium.org/issues/41486025#comment15>, we also >>> received a private signal of developer demand) >>> >>> Other signals: >>> >>> WebView application risks >>> >>> Does this intent deprecate or change behavior of existing APIs, such >>> that it has potentially high risk for Android WebView-based applications? >>> >>> No >>> >>> >>> Debuggability >>> >>> Feature use visible in the experimental Chrome DevTools Protocol Monitor >>> <https://developer.chrome.com/blog/new-in-devtools-92/#protocol-monitor>, >>> Cookies (and the reasons why they are included/excluded) are generally >>> debuggable via the Network panel. >>> >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, ChromeOS, Android, and Android WebView)? >>> >>> Yes >>> >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ? >>> >>> Yes, https://wpt.fyi/results/cookies/samesite/sandbox- >>> allow-same-site-none-cookies-value.tentative.https.html >>> >>> Flag name on chrome://flags >>> >>> N/A >>> >>> Finch feature name >>> >>> “AllowSameSiteNoneCookiesInSandbox” >>> >>> Requires code in //chrome? >>> >>> False >>> >>> Tracking bug >>> >>> https://g-issues.chromium.org/u/0/issues/372894175 >>> >>> Measurement >>> >>> UMA histogram value to measure the usage of the new >>> ThirdPartyCookieAllowMechanism >>> >>> UKM log usage and aggregate by urls that are using the value >>> >>> Sample links >>> >>> https://sandbox-allow-same-site-none-cookies-demo.glitch.me/ >>> >>> Estimated milestones >>> >>> 135 >>> >>> Anticipated spec changes >>> >>> None >>> >>> Link to entry on the Chrome Platform Status >>> >>> https://chromestatus.com/feature/5090336588955648 >>> >>> *Links to previous Intent discussions *Intent to Prototype: Allow >>> SameSite=None Cookies in First-Party Sandboxed Contexts >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/f89dec9c-ba10-4c4a-b208-7804ab5d32d7n%40chromium.org> >>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+...@chromium.org. >>> >>> >>> To view this discussion visit https://groups.google.com/a/ >>> chromium.org/d/msgid/blink-dev/d0ddbd19-fd21-483f-8a10- >>> 6c1e8f1b5177n%40chromium.org >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d0ddbd19-fd21-483f-8a10-6c1e8f1b5177n%40chromium.org?utm_medium=email&utm_source=footer> >>> . >>> >>> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/ae298e38-ee2a-48f0-a6be-f95c3fdbddf3n%40chromium.org.
