Intent to Prototype: Cookies Having Independent Partitioned State (CHIPS)

219 views
Skip to first unread message

Dylan Cutler

unread,
Jul 1, 2021, 11:41:05 AMJul 1
to blin...@chromium.org

Contact emails

dylan...@google.comkaust...@google.com

Explainer

https://github.com/WICG/CHIPS

Specification

None

Summary

Given that Chrome plans on obsoleting third-party cookies, we want to give developers the ability to use cookies in third-party contexts that are partitioned by top-level site to meet use cases that are not cross-site tracking related (e.g. SaaS embeds, headless CMS, sandbox domains, etc.). In order to do so, we introduce a mechanism to opt-in to having their third-party cookies partitioned by top-level site using a new cookie attribute, Partitioned.


Blink component

Internals>Network>Cookies

Motivation

New browser privacy models restrict sites' ability to track user activity across top-level contexts, and Chrome plans on blocking cross-site cookies available to third-parties in multiple top-level contexts. Although these cross-site cookies are now widely recognized as being a cross-site tracking mechanism, there are several other use cases for cross-party cookies on the web today, e.g. SaaS embeds, headless CMS, sandbox domains, etc. In order to support the non-tracking-related use cases for third-party cookies above, we plan to introduce a new cookie attribute, Partitioned, to support cross-site cookies that are partitioned by top-level context, i.e. partitioned by top-level site (or that site's First-Party Set if it has one). These cookies will not be restricted by cross-site cookie blocking since they cannot be used to track users' activity across different sites.


Initial public proposal

https://discourse.wicg.io/t/proposal-cookies-having-independent-partitioned-state-chips/5290

TAG review

https://github.com/w3ctag/design-reviews/issues/654

TAG review status

Pending

Risks

Interoperability and Compatibility


Cookie partitioning will be opt-in and will not affect sites that choose not to use the Partitioned attribute. Most of its best practices (e.g. requiring Secure, Path=/, and disallowing Domain) are enforced by the semantics of the __Host- prefix which is supported by all major browsers.


At first, Partitioned cookies will be more restricted than unpartitioned third-party cookies. Eventually, Chrome will begin blocking unpartitioned cookies in third-party requests, and Partitioned cookies will be the only cookies available for third-party requests. This approach will allow developers to migrate their systems to Partitioned cookies where the semantics are aligned with the use-case, in advance of third-party cookie obsoletion.


Edge: Positive


Firefox: Neutral

Firefox announced that they are partitioning all third-party cookies by default into their ETP Strict mode and Private Browsing mode.


Safari: Neutral

When Safari attempted to partition the cookie jar by default in ITP 2.1, they ended up blocking all third-party cookies citing developer confusion.


WebKit has also proposed using opt-in partitioned cookies using the Request Storage Access API instead of a cookie attribute.


Ergonomics

The initial implementation will support the Partitioned attribute as a way third-party servers can opt-in to receiving cookies partitioned by top-level context. There are no performance concerns.


Activation

Sites will be able to use partitioned cookies for third-party requests as soon as it is available in Chrome by having their server include the Partitioned attribute in their Set-Cookie response headers. If a user agent does not recognize the Partitioned attribute, then the cookie will behave like an unpartitioned third-party cookie.


It may be helpful to have outreach to high profile open source libraries that have abstractions for setting or sending cookies in order to help facilitate the adoption of the Partitioned attribute.


Debuggability


This change would require Chrome DevTools to surface whether cookies have the Partitioned attribute set in Application > Storage > Cookies.


Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

Yes.


Link to entry on the feature dashboard


https://chromestatus.com/features/5179189105786880


Requesting approval to ship?

No.


Reply all
Reply to author
Forward
0 new messages