Request for Deprecation Trial: Unpartitioned 3rd party Storage, Service Workers, and Communication APIs

[Mike Taylor]

Contact emails

wande...@chromium.org, m...@chromium.org, mike...@chromium.org 

Explainer

https://github.com/wanderview/quota-storage-partitioning/blob/main/explainer.md

Specification

We’re actively working on adding the relevant spec concepts with the following WIP PRs (there has been some extensive refactoring requested, so it’s taken longer than anticipated):

https://github.com/whatwg/html/pull/8447

https://github.com/whatwg/html/pull/8036

https://github.com/whatwg/html/pull/8027 

https://github.com/whatwg/storage/pull/144 

Summary

We intend to partition a number of APIs in third-party contexts.  This effort is focused on partitioning APIs above the network stack.  This includes quota-managed storage, service workers, and communication APIs (such as BroadcastChannel).  See the explainer for more details:

https://github.com/wanderview/quota-storage-partitioning/blob/main/explainer.md

Blink component

Blink>Storage

TAG review

Early Design Review https://github.com/w3ctag/design-reviews/issues/629

TAG review status

Closed as “Satisfied”

Risks

Interoperability and Compatibility

Gecko: Shipped/Shipping

WebKit: Shipped/Shipping

Web developers: Mixed signals

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

We’re still investigating the risk for WebView, and if we should ship in that context at a later date.

Goals for Deprecation Trial

We propose to ship two separate deprecation trials, each for approximately one year (to give sites plenty of time to test and update, if  needed). Aspirationally, we would like to ship partitioned storage in M112, and our goal is to have a deprecation trial available from M111 to M123. 

The first is a general-purpose deprecation trial that will allow a top-level site to opt into unpartitioned storage, service workers, and communication APIs for third-party contexts embedded in its site. This will give sites more time for testing and migrating to solutions that don’t require partitioned storage. 

The second is tailored to a behavior we discovered during the dev-trial that is known to be used by the Firebase Auth library. This deprecation trial only allows for unpartitioned `sessionStorage` across a navigation (which is how the `signInWithRedirect()` method relies on storing and postMessage’ing authentication tokens). The Firebase team is aware of the issue (as it also affects Safari users; Firefox has worked around the breakage by granting unpartitioned storage via a shim), and is working to migrate their users to cross-browser solutions that are compatible with partitioned storage. Given the different nature of the Firebase issue, we think it makes sense to ship a different deprecation trial entirely.

Debuggability

DevTools has support for partitioned storage.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

Yes for all others; TBD for WebView.

Is this feature fully tested by web-platform-tests?

Yes

DevTrial instructions

https://developer.chrome.com/en/blog/storage-partitioning-dev-trial

Flag name

ThirdPartyStoragePartitioning

DisableThirdPartySessionStoragePartitioningAfterGeneralPartitioning

Requires code in //chrome?

False

Tracking bug

https://bugs.chromium.org/p/chromium/issues/detail?id=1191114

Launch bug

https://bugs.chromium.org/p/chromium/issues/detail?id=1191709

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5723617717387264

[Yoav Weiss]

LGTM for a deprecation trial M111-M123

The overall plan sounds reasonable, thanks for converging towards interop and improved privacy here!

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d395956d-3a59-1ba9-1b5c-33505e1518d3%40chromium.org.

[Mike Taylor]

Hi all,

As a heads up, we discovered some bugs in one of the deprecation trials, so we're going to delay things by a milestone or two until we get them fixed. I'll update this thread again once we have more confidence on timing.

[Mike Taylor]

I forgot to follow-up here - the deprecation trials are now working in M112 (modulo one issue to fix for DisableThirdPartySessionStoragePartitioningAfterGeneralPartitioning related to domains on the PSL) , and we hope to send an I2S in the near future looking for approval to ship in M113.

[Mike Taylor]

Hi all,

Due to the need to add 3P support to the DisableThirdPartyStoragePartitioning deprecation trial (which has landed in the M115 branch), we would like to re-request permission to run a deprecation trial for unpartitioned storage from M115 to 126 (inclusive), just shy of 1 year by a few weeks. 

thanks,
Mike

[Yoav Weiss]

My LGTM still stands!

[Mike Taylor]

Thanks!

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfU0yW_XD5EVtdb-D%3Deh%2BUE3oobKGE4yub9duP7aJtNK5g%40mail.gmail.com.