intent-to-ship: Partitioned Third-party ServiceWorker in dFPI
Tim Huang
Summary
Service Workers are currently disabled in a third-party context when dFPI (State Partitioning) is enabled. This behavior was initially chosen because we had not observed sites relying on third-party service workers and it was good for privacy protection. With Bug 1725216, we see that there is a demand for third-party service workers. To resolve this issue, we will enable partitioned third-party service workers in dFPI.
In dFPI, third-party iframes will first get partitioned storage until storage access has been granted to the third party. After that, the third party will have access to its first-party storage. However, this won’t apply to partitioned Service Workers, which will remain partitioned even when storage access is granted, following recent research on potential privacy leakage through embedded unpartitioned Service Workers
Note that this change won’t affect the first-party Service Workers. And we will first only enable this in Nightly. We are targeting enabling this in Nightly 96.
Standard
https://github.com/privacycg/storage-partitioning
Bug
Platform coverage
All
Preference
privacy.partition.serviceWorkers
DevTools bug
N/A
Other browsers
Safari has already implemented permanently partitioned third-party Service Workers.
Chrome hasn’t implemented this yet, but has plans to partition all its storage APIs, including Service Workers.
Web-platform-tests
N/A
--
Mike Taylor
Other browsers
Safari has already implemented permanently partitioned third-party Service Workers.
Chrome hasn’t implemented this yet, but has plans to partition all its storage APIs, including Service Workers.
Web-platform-tests
N/A