Ready for Trial: First-Party Sets

391 views
Skip to first unread message

Chris Fredrickson

unread,
Dec 1, 2022, 11:18:59 AM12/1/22
to blink-dev
Contact emails

kaust...@google.com, joha...@google.com, cfre...@google.com


Explainer

https://github.com/WICG/first-party-sets


Specification

TBD.


Summary

First-Party Sets (FPS) is a web platform mechanism, proposed within the context of browser efforts to phase out support for third-party cookies, through which authors of multi-site properties may declare relationships between sites such that the browser may understand the relationships and handle cookie access accordingly.


The First-Party Sets proposal has undergone some changes since we sent the previous Intents. In particular:

  • We have introduced the notion of "subsets" to categorize set member domains, allow the UA to handle them differently, and impose different requirements    according to their declared type.

  • We have abandoned the SameParty cookie attribute.

  • We have adopted the Storage Access API as a means for sites within a First-Party Set to request cross-site cookie access.

  • We have proposed a new API, tentatively called requestStorageAccessForOrigin, to allow top-level sites to request cross-site cookie access on behalf of an embedded context within the same First-Party Set.


FPS is ready for developer trials starting in Chrome M108. Instructions for testing can be found here.


Blink component

Internals>Network>First-Party Sets


TAG review

Review (outdated, will request re-review)


TAG review status

Unsatisfied (outdated)


Interoperability and Compatibility

TBD


Firefox: Requested position (position on older proposal here)

Safari: Requested position (position on older proposal here)

Web Developers: Positive position on older proposal, looking for updated feedback through testing

Edge: Positive


Goals for experimentation

Gain developer feedback on Chrome’s implementation of the Storage Access API and requestStorageAccessForOrigin for First Party Sets.


Ongoing technical constraints

This API is available only when feature flags are turned on in the chrome://flag page.

For full developer instructions, please refer to this post.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

All with the exception of WebView (forthcoming, tracked here: https://crbug.com/1286070)


Is this feature fully tested by web-platform-tests?

No. Since the feature depends on a list of related sites or “first-party sets” managed via a submission process, testing this via web-platform-tests would require either that list of sets, or use of a hardcoded First-Party Set to which the test could refer. While other features on the web platform, such as the definition of “registrable domain” similarly depend on a list, WPT infrastructure does not support configuring such a list, as such configuration would inherently vary by browser.


Tracking bug

https://crbug.com/1117249

https://crbug.com/1175899


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5640066519007232

https://chromestatus.com/feature/5612590694662144



Links to previous Intent discussions

https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/-unZxHbw8Pc/m/_23CsOkHAQAJ

https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/XkWbQKrBzMg/m/OifyvdHOAQAJ

https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/nNdY-qOScBc/m/tg3F73ijAAAJ


Reply all
Reply to author
Forward
0 new messages