[blink-dev] PSA: Extending Storage Access API (SAA) to non-cookie storage Explainer

244 views
Skip to first unread message

Ari Chivukula

unread,
Sep 8, 2023, 9:52:41 AM9/8/23
to blink-dev, hel...@google.com, Johann Hofmann, Ben Kelly
Contact Emails

Explainer

Summary
To prevent certain types of cross-site tracking, storage and communication APIs in third party contexts are being partitioned or deprecated (read more about storage partitioning and cookie deprecation efforts in Chrome and Firefox). This breaks use cases that depend on cookie and non-cookie storage and communication surfaces in cross-site contexts. Several solutions (like Chrome’s Privacy Sandbox) have been proposed to address use cases that rely on third-party cookies, including the Storage Access API (shipping with multi-browser support), which facilitates limited access to third-party cookies in specific scenarios to mitigate user-facing breakage. This explainer proposes to extend that same mechanism to non-cookie storage/communication mediums.

Ari Chivukula

unread,
Jan 17, 2024, 3:05:11 PMJan 17
to blink-dev, hel...@google.com, Johann Hofmann, Ben Kelly
Two additional explainers (each of which is an extension to Storage Access API (SAA) to non-cookie storage) have been published!

The current Storage Access API requires that unpartitioned cookie access is granted if any unpartitioned storage access is needed. This forces unpartitioned cookies to be included in network requests which may not need them, having impacts on network performance and security. Before the extension ships, we have a chance to fix this behavior without a compatibility break.

There has been increasing developer and implementer interest in first-party workers being available in third-party contexts the same way that third-party cookies already can be. In the absence of such a solution, we leave developers without a robust way to manage cross-tab state for frames loading the same origin. This explainer proposes a solution for developers to regain third-party access to Shared Workers in select instances to avoid user-facing breakage in browsers shipping storage partitioning.

Reply all
Reply to author
Forward
0 new messages