Intent to Experiment: Cookie Store API

179 visualizações
Pular para a primeira mensagem não lida

Victor Costan

não lida,
22 de jun. de 2018, 06:15:1422/06/2018
para blink-dev

Contact emails

pwn...@chromium.org, jsb...@chromium.org


Spec

Explainer: https://wicg.github.io/cookie-store/explainer.html

Spec draft (mostly a placeholder right now): https://wicg.github.io/cookie-store/


Summary

The Cookie Store API exposes HTTP cookies to service workers and offers a needed asynchronous alternative to document.cookie.


Conceptually, the API consists of three components:

  • Query API: asynchronous replacement for the document.cookie getter

  • Modification API: asynchronous replacement for the document.cookie setter

  • Change Events API: battery-friendly replacement for polling the document.cookie getter


The Change Events API has different shapes in documents and service workers. Documents can register an event listener that receives change events for all cookies visible to the document. Service workers create more fine-grained subscriptions that filter which cookie changes dispatch change events. The main Service Worker use case we are aware of is removing private data from browser storage when the authentication state changes (Clear-Site-Data is not sufficient for sites that support multiple signed-on users).


Link to “Intent to Implement” blink-dev discussion

https://groups.google.com/a/chromium.org/d/topic/blink-dev/gU-tSdjR4rA/discussion

Note that the API is also known as the Async Cookies API.


Goals for experimentation

We want developer feedback around the API’s performance and applicability.


  • Are the query and modification APIs sufficient for replacing document.cookie?

  • Is it acceptable to dispatch all cookie change events to documents?

  • Are the subscriptions in the service worker change events API flexible enough?


At least one major customer inside Google wants to use this API to remove private data from browser storage when authentication data (stored in cookies) changes. At least one major customer outside Google is interested in using this API to replace document.cookie polling. We want to learn from their deployment experiences.


Experimental timeline

Start OT in M69, turn down OT in M71 and iterate if necessary.


Any risks when the experiment finishes?

This API addresses cookies, which are currently accessible via document.cookie and HTTP headers.


Ongoing technical constraints

None


Debuggability

DevTools already has great support for cookies.


Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?

Yes


Link to entry on the feature dashboard

https://www.chromestatus.com/feature/5658847691669504

Chris Harrelson

não lida,
22 de jun. de 2018, 19:05:1122/06/2018
para Victor Costan, blink-dev
LGTM

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAP_mGKokYxBYn5X%2BoNM0VG_An2GApaXCUGFA9o5QXRX4aJLoDQ%40mail.gmail.com.
Responder a todos
Responder ao autor
Encaminhar
0 nova mensagem