Intent to Ship: Storage Access API, update to per-frame model

94 views
Skip to first unread message

Benjamin VanderSloot

unread,
Oct 10, 2023, 2:55:15 PM10/10/23
to dev-pl...@mozilla.org
As of Firefox 119, I intend to update the behavior of the Storage Access API to match several updates to the specification. These updates improve the security properties of unpartitioned cookies while still supporting key use cases.

Summary: Requesting "storage access" now only affects the frame that makes the call, giving embedees finer-grained control over where unpartitioned cookies are used. To make this improvement in security, a few relaxations were made to preserve ergonomics. Namely, the scope of the storage access permission is relaxed to site-site, user activation is not needed when the permission is already granted, and same-origin self-initiated navigation preserves "storage access".
Standards Body: W3C Privacy Community Group

Other browsers:
  Chrome: Implemented
  Safari: Supportive, no details on implementation of the per-frame model, implemented the old model
Platform coverage: Desktop
Web Platform Tests: /storage-access-api/ has been updated to reflect this version of the Storage Access API.


Reply all
Reply to author
Forward
0 new messages