On 6/3/22 6:42 AM, Yoav Weiss wrote:
What's the deprecation period you had in mind?
Also, from a technical perspective, it might be worthwhile to talk to
folks that did past cookie related deprecations, to make sure you're
reusing the same path for reporting them to the devtools. Also also,
it'd be great if that deprecation would result in Deprecation Reports,
if at all feasible.
On Fri, Jun 3, 2022 at 12:21 PM Johann Hofmann
<johann...@chromium.org> wrote:
Contact emails
johann...@chromium.org
Explainer
None
Specification
https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis/#section-5.5
Summary
To align with the latest specification in RFC 6265bis, Chromium
will reject cookies with a "Domain" attribute that contains a
non-ASCII character (e.g. Domain=éxample.com
<http://xn--domain%3Dxample-hhb.com/>).
Blink component
Blink>Network
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ENetwork>
Motivation
Support for IDN domain attributes in cookies has been long
unspecified, with Chromium, Safari and Firefox all behaving
differently. https://github.com/httpwg/http-extensions/issues/1707
fixes this issue by standardizing Firefox's behavior of rejecting
cookies with non-ASCII domain attributes. Since Chromium has
previously accepted non-ASCII characters and tried to convert them
to normalized punycode for storage, we will now apply stricter
rules and require valid ASCII (punycode if applicable) domain
attributes.
Initial public proposal
TAG review
TAG review status
Not applicable
Risks
Interoperability and Compatibility
There is a general risk of breakage compared to past Chromium
versions from rejecting previously accepted cookies, but UMA
measurements show the percentage of cookies with non-ASCII
characters (including potentially invalid cookies) to be below
0.0001%.
Any public use counters you could share?
Or is that something we couldn't add due to cookies being processed
outside the renderer?
Usage is quite low, but it would be good to know if there are any
patterns that might affect certain locales more than others. Is there
any way we can get a sample list of domains to spot check?
This change improves interoperability by aligning with what
Firefox is shipping and what Safari aims to ship as well.
/Gecko/: Positive
(https://github.com/httpwg/http-extensions/issues/1707)
/WebKit/: Positive
(https://github.com/httpwg/http-extensions/issues/1707)
Our typical process for getting such signals is
https://bit.ly/blink-signals
At the same time, as you said above, Mozilla is already shipping
<https://wpt.fyi/results/cookies/domain?label=experimental&label=master&aligned>
the behavior you want to align on here.
Can you send a request to webkit-dev, letting them know that we're
moving on that front?
/Web developers/: No signals
/Other signals/:
WebView application risks
Does this intent deprecate or change behavior of existing APIs,
such that it has potentially high risk for Android WebView-based
applications?
Debuggability
TBD
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
Yes
Flag name
Requires code in //chrome?
False
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1296537
Estimated milestones
No milestones specified
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5534966262792192
This intent message was generated by Chrome Platform Status
<https://chromestatus.com/>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAD_OO4hVsjFA06ytmbNvn-bfUXDGur0ESSMxEO-o-96sCNAiOQ%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAD_OO4hVsjFA06ytmbNvn-bfUXDGur0ESSMxEO-o-96sCNAiOQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfUdCoWru_bd826snHc24eHk7uUYW_HJF-ox0ihaqanX9g%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfUdCoWru_bd826snHc24eHk7uUYW_HJF-ox0ihaqanX9g%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/82952f59-5754-ebbe-d61c-29a7d16acb5f%40chromium.org.