kaust...@google.com, joha...@google.com, cfre...@google.com
https://github.com/WICG/first-party-sets
TBD.
First-Party Sets (FPS) is a web platform mechanism, proposed within the context of browser efforts to phase out support for third-party cookies, through which authors of multi-site properties may declare relationships between sites such that the browser may understand the relationships and handle cookie access accordingly.
The First-Party Sets proposal has undergone some changes since we sent the previous Intents. In particular:
We have introduced the notion of "subsets" to categorize set member domains, allow the UA to handle them differently, and impose different requirements according to their declared type.
We have abandoned the SameParty cookie attribute.
We have adopted the Storage Access API as a means for sites within a First-Party Set to request cross-site cookie access.
We have proposed a new API, tentatively called requestStorageAccessForOrigin, to allow top-level sites to request cross-site cookie access on behalf of an embedded context within the same First-Party Set.
FPS is ready for developer trials starting in Chrome M108. Instructions for testing can be found here.
Internals>Network>First-Party Sets
Review (outdated, will request re-review)
Unsatisfied (outdated)
Interoperability and Compatibility
TBD
Firefox: Requested position (position on older proposal here)
Safari: Requested position (position on older proposal here)
Web Developers: Positive position on older proposal, looking for updated feedback through testing
Edge: Positive
Gain developer feedback on Chrome’s implementation of the Storage Access API and requestStorageAccessForOrigin for First Party Sets.
This API is available only when feature flags are turned on in the chrome://flag page.
For full developer instructions, please refer to this post.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?All with the exception of WebView (forthcoming, tracked here: https://crbug.com/1286070)
No. Since the feature depends on a list of related sites or “first-party sets” managed via a submission process, testing this via web-platform-tests would require either that list of sets, or use of a hardcoded First-Party Set to which the test could refer. While other features on the web platform, such as the definition of “registrable domain” similarly depend on a list, WPT infrastructure does not support configuring such a list, as such configuration would inherently vary by browser.
https://chromestatus.com/feature/5640066519007232
https://chromestatus.com/feature/5612590694662144
https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/-unZxHbw8Pc/m/_23CsOkHAQAJ
https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/XkWbQKrBzMg/m/OifyvdHOAQAJ
https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/nNdY-qOScBc/m/tg3F73ijAAAJ