Intent to Deprecate and Relaunch: CHIPS on WebView
Dylan Cutler
Hello Blink API Owners,
We’re seeking approval to unship and relaunch CHIPS (a.k.a. partitioned cookies) in Android WebView only.
Rationale
The WebViewClient supports a method, shouldInterceptRequest, which allows developers to intercept network activity and modify HTTP headers, etc. This API does not have access to the Cookie header and relies on the Android CookieManager API in order to query what cookies are available for a particular request URL. This is because the request is intercepted before it is sent to the network service, where the Cookie header is added. However, partitioned cookies are double-keyed on the top-level site and the site of the URL using the cookies.
Currently, the CookieManager API provides no way for developers to query partitioned cookies correctly, and this will cause a mismatch between what the Java API returns and what frames in WebView will actually be in their Cookie header. In hindsight, this seems risky and prone to bugs, and not something the CHIPS team had considered while designing the API.
After discussing this with the WebView team, we believe that the option that will minimize potential app breakage is to disable CHIPS on WebView until we are able to ship support for the Cookie header to shouldInterceptRequest. We will release the changes to shouldInterceptRequest in the next target SDK version (API level 36).
We will reconsider our decision to unlaunch CHIPS in WebView if we get feedback from the community that this would cause significant disruption.
Behavior after deprecation:
Cookies set with the Partitioned attribute on WebView will have the attribute ignored, and the cookie will be treated as unpartitioned. Any existing partitioned cookies created in WebView will be deleted to avoid conflicts across different partitions and the unpartitioned cookie jar.
All other platforms besides WebView will still have the Partitioned attribute enabled.
Timeline:
We plan to turn down CHIPS on WebView in M127.
We will relaunch CHIPS along with Android W, which will include changes to the Android CookieManager API, in 2025.
Thanks,
Dylan Cutler
Vladimir Levin
Hello Blink API Owners,
We’re seeking approval to unship and relaunch CHIPS (a.k.a. partitioned cookies) in Android WebView only.
Rationale
The WebViewClient supports a method, shouldInterceptRequest, which allows developers to intercept network activity and modify HTTP headers, etc. This API does not have access to the Cookie header and relies on the Android CookieManager API in order to query what cookies are available for a particular request URL. This is because the request is intercepted before it is sent to the network service, where the Cookie header is added. However, partitioned cookies are double-keyed on the top-level site and the site of the URL using the cookies.
Currently, the CookieManager API provides no way for developers to query partitioned cookies correctly, and this will cause a mismatch between what the Java API returns and what frames in WebView will actually be in their Cookie header. In hindsight, this seems risky and prone to bugs, and not something the CHIPS team had considered while designing the API.
After discussing this with the WebView team, we believe that the option that will minimize potential app breakage is to disable CHIPS on WebView until we are able to ship support for the Cookie header to shouldInterceptRequest. We will release the changes to shouldInterceptRequest in the next target SDK version (API level 36).
We will reconsider our decision to unlaunch CHIPS in WebView if we get feedback from the community that this would cause significant disruption.
Behavior after deprecation:
Cookies set with the Partitioned attribute on WebView will have the attribute ignored, and the cookie will be treated as unpartitioned. Any existing partitioned cookies created in WebView will be deleted to avoid conflicts across different partitions and the unpartitioned cookie jar.
All other platforms besides WebView will still have the Partitioned attribute enabled.
Timeline:
We plan to turn down CHIPS on WebView in M127.
We will relaunch CHIPS along with Android W, which will include changes to the Android CookieManager API, in 2025.
Thanks,
Dylan Cutler
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMCNMFQOPkYjRxrs68q%2BHxebt-JWCopZ6Rq9r0O80dQF8PWwRg%40mail.gmail.com.
Dylan Cutler
- We query UMA to determine just what percentage of WebView apps embed content using CHIPS (and in how many partitions). We can also use these metrics to identify the top apps who embed users of CHIPS and make sure this change would not lead to disruptions. If that proves to be enough so that you are no longer concerned about breakage then we could move forward. Otherwise, we move on to approach (2).
- We refactor our code so that if CHIPS is disabled in WebView, rather than deleting partitioned cookies we could convert them to unpartitioned. If the user has an unpartitioned cookie with the same name/domain/path, then we would delete the partitioned cookie in favor of the unpartitioned one. If multiple cookies exist in different partitions and no such unpartitioned cookie exists, we would fall back on the most recently used cookie. It is worth noting, this technique is complex and could have its own risks, so we'd like to leave it as a last resort.
Vladimir Levin
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMCNMFQ0N4hu_TF%2BBVC4MgRJgYoqmodqP%3Dg7L1dmE_GYqb1v3w%40mail.gmail.com.