Intent to Prototype: Storage Access API with Prompts
Shuran Huang
Contact emails
cfre...@chromium.org, joha...@chromium.org, shu...@chromium.org
Explainer
https://github.com/cfredric/chrome-storage-access-api
https://github.com/privacycg/storage-access/blob/main/README.md
Specification
https://privacycg.github.io/storage-access
Summary
The Storage Access API provides a means for authenticated cross-site embeds to check whether they have access to their unpartitioned cookies and request access to unpartitioned cookies if they are blocked. Chrome already supports the Storage Access API across sites within the same First-Party Set, in conformance with the specification, and now we intend to prototype support for user permission prompts and user-agent-specific permission behaviors in line with what other browsers are shipping.
Note that Edge previously sent an I2I for the Storage Access API feature, but we felt it was appropriate to send a new I2P given that Chrome previously shipped support for the Storage Access API gated on First-Party Sets membership and did not support prompts.
Blink component
Motivation
Chrome currently supports the Storage Access API without a user prompt – access is only granted based on First-Party Sets. However, some user experiences rely on access to unpartitioned cookies in cross-site contexts and are not supported by the existing solution. The Storage Access API with prompts provides a way for sites to request cross-site cookie access to enable these use cases. We aim to implement this in a way that does not overwhelm users with prompts or compromise their privacy.
Initial public proposal
https://github.com/whatwg/html/issues/3338
TAG review
https://github.com/w3ctag/design-reviews/issues/807
TAG review status
Risks
Interoperability and Compatibility
There is minor compatibility risk as Firefox and Safari already differ slightly in their user-agent-specific prompt requirements. Chrome's planned behavior is closest to Safari's current behavior, and we aim to standardize as much of this user-agent-specific behavior as possible over time.
Gecko: Shipping
WebKit: Shipping
Web developers: Positive
There has been great developer interest in the Storage Access API, given that it provides the only predictable way of working with cross-site cookies in many browsers. Various developers have chimed in on https://github.com/whatwg/html/issues/3338 and filed issues on https://github.com/privacycg/storage-access.
Other signals: Edge has shipped Blink's current implementation of this behavior, which differs from Chrome's plans. We have kept (and intend to continue keeping) Edge engineers in the loop about these changes and there will be feature flags to control this behavior.
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
Debuggability
None
Is this feature fully tested by web-platform-tests?
No, because prompt behavior and user-agent-specific behaviors are not testable. The Storage Access API itself is tested at https://wpt.fyi/results/storage-access-api.
Flag name
StorageAccessAPI, PermissionStorageAccessAPI
Requires code in //chrome?
True
Estimated milestones
Desktop 117
Android 119
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5085655327047680
Links to previous Intent discussions
https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/e5fu5Q06ntA/m/1KF5oNEXAgAJ
https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/V9PzoCvIIIs/m/b4R9G0xoCQAJ
This intent message was generated by Chrome Platform Status.