> You pointed out one case of unpredictable behaviour: a website's logic > cannot preserve assumptions across the entire duration of it's JS execution > context. But if we don't apply the policy instantly, isn't the reverse > situation also possible?
With my proposal, you will have 2 tabs, loading the same origin with 2 different cookie behaviors. Let's assume that one is BEHAVIOR_ACCEPT and the other one BEHAVIOR_REJECT, doesn't matter the order. The 2 tabs will not be able to communicate to each other because: - we don't dispatch storage events, and/or they will not considered by the other tab. - sessionStorage, localStorage, indexedDB, ... let's say storage APIs throw exceptions in the tab with BEHAVIOR_REJECT policy. - that tab will not be able to use APIs such as SharedWorkers, or BroadcastChannels. In general, we allow tab communication only if they have both BEHAVIOR_ACCEPT cookie policy (or the corresponding permission: ACCEPT_ALLOW). Note that what I'm describing here already exists for private browsing contexts which are unable to talk with same origins in normal contexts. b _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform