I've updated the blog post <https://developer.chrome.com/blog/immutable-document-domain/> stating Chrome 111 is where we ship the feature, but looks like it's rolling out through 111 and 112? I'll update the blog post to mention `OriginAgentClusterDefaultEnabled` enterprise policy.
On Sat, Jan 14, 2023 at 1:37 AM Rick Byers <rby...@chromium.org> wrote: > Thanks for the update Daniel, good luck! > > In case others, like me, have missed or forgotten the long history of this > difficult deprecation and what it means for web developers, this blog > post is a good summary > <https://developer.chrome.com/blog/immutable-document-domain/>. One > critical thing it doesn't mention, but probably should, is that the > OriginAgentClusterDefaultEnabled > enterprise policy > <https://chromeenterprise.google/policies/#OriginAgentClusterDefaultEnabled> > can also be used to revert the default on managed devices (though it looks > like the launching milestone needs to be updated there too). > > Rick > > On Fri, Jan 13, 2023 at 9:53 AM 'Daniel Vogelheim' via blink-dev < > blink-dev@chromium.org> wrote: > >> Hello all, >> >> We've now handled the bugs we've discovered, and I would like to make >> another attempt at launching. I'll follow the plan that was approved here, >> but two milestones later: Launch to 50% beta in M111 (or late M110, if I >> can still catch a bit of that release cycle), and then ramp on stable once >> M112 is out. >> >> >> On Wed, Dec 14, 2022 at 6:36 PM Daniel Vogelheim <vogelh...@google.com> >> wrote: >> >>> Hello all, >>> >>> An update: Unfortunately we have discovered a bug with this feature, >>> just as I was getting ready to enable it. The bug also affects pages that >>> have not even set document.domain. Since I have now missed a substantial >>> portion of the 109 beta cycle I'd like to delay the roll out once more, and >>> shift it by one milestone (or two; depending on when everything is fixed). >>> >>> On the positive side: Recently the last of the previously identified >>> big document.domain users, that together accounted for about 50% of >>> remaining usage, has dropped their usage. So current usage is lower than >>> previously reported. See the usage dip around late November at >>> deprecate.it (1st graph). >>> >>> On Thu, Nov 10, 2022 at 5:42 PM Mike Taylor <miketa...@chromium.org> >>> wrote: >>> >>>> LGTM3 >>>> >>>> On 11/10/22 11:18 AM, Chris Harrelson wrote: >>>> >>>> LGTM2 >>>> >>>> On Thu, Nov 10, 2022, 4:19 AM Yoav Weiss <yoavwe...@chromium.org> >>>> wrote: >>>> >>>>> LGTM1 to roll this out to 50% of Beta/Dev/Canary for either M108 or >>>>> M109, and carefully roll this out for M110, once it hits stable. >>>>> >>>>> On Wed, Nov 9, 2022 at 7:05 PM Daniel Vogelheim <vogelh...@google.com> >>>>> wrote: >>>>> >>>>>> On Wed, Nov 9, 2022 at 6:10 PM Mike Taylor <miketa...@chromium.org> >>>>>> wrote: >>>>>> >>>>>>> On 10/27/22 11:49 PM, 'Daniel Vogelheim' via blink-dev wrote: >>>>>>> >>>>>>> Hello all, >>>>>>> >>>>>>> The approval for the Intent To Ship for Origin Isolation By Default >>>>>>> / Deprecate document.domain >>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/_oRc19PjpFo/> >>>>>>> asks for a separate intent for the actual default change >>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/_oRc19PjpFo/m/Ybgtf3JfAQAJ>. >>>>>>> This is that separate intent. >>>>>>> >>>>>>> A summary of what happened so far: >>>>>>> >>>>>>> - Shipping Origin Isolation by Default (and thereby deprecating >>>>>>> document.domain) has security benefits, but compatibility risk. >>>>>>> >>>>>>> - We added warnings to the developer console and issues panel, >>>>>>> published a blog post, and engaged in direct outreach. This has >>>>>>> resulted in >>>>>>> substantial, measurable reduction of usage. Some sites keep using >>>>>>> document.domain, but have mitigated the deprecation with other means. >>>>>>> This >>>>>>> makes the risk difficult to measure. >>>>>>> >>>>>>> - Sampling of sites with document.domain usage and manual inspection >>>>>>> yields a potential breakage estimate at ~0.015% of page views. >>>>>>> >>>>>>> What we're asking for here is: >>>>>>> >>>>>>> - Enable the feature at 50% for beta (+ dev + canary) during M109, >>>>>>> as a "last call" for web site authors. >>>>>>> >>>>>>> This sounds like a good idea. Is there any reason we couldn't go to >>>>>>> 50% in M108 as well (or are you trying to avoid breakage over the winter >>>>>>> holidays)? >>>>>>> >>>>>> No reason. I'd be happy to go to beta as soon as I receive the lgtms. >>>>>> I had conservatively budgeted that to be 109. :-) >>>>>> >>>>>> >>>>>>> Another question: do we have enterprise policies available for this >>>>>>> change? >>>>>>> >>>>>> >>>>>> Yes; the policy is here: OriginAgentClusterDefaultEnabled >>>>>> <https://source.chromium.org/chromium/chromium/src/+/main:components/policy/resources/templates/policy_definitions/Miscellaneous/OriginAgentClusterDefaultEnabled.yaml> >>>>>> >>>>>> >>>>>>> - Launch on stable on M110. (~ Feb '23, so >12 weeks out from today) >>>>>>> >>>>>>> >>>>>>> ------------------------ >>>>>>> >>>>>>> Contact emails v...@chromium.org, vogelh...@chromium.org >>>>>>> Specification Explainer: >>>>>>> https://github.com/mikewest/deprecating-document-domain HTML Spec >>>>>>> draft: https://github.com/whatwg/html/compare/main...otherdaniel:dd >>>>>>> API spec Yes >>>>>>> Summary >>>>>>> >>>>>>> This is a follow-on to the Intent to Ship: Origin Isolation By >>>>>>> Default / Deprecate document.domain >>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/_oRc19PjpFo/>. >>>>>>> We'd >>>>>>> like to ship this in M110, stable. >>>>>>> >>>>>>> Summary (of the underlying change) Change the default behavior of >>>>>>> the Origin-Agent-Cluster: header / document.domain settability. >>>>>>> Presently, pages within Chromium have site-keyed agent clusters by >>>>>>> default, unless the Origin-Agent-Cluster: header is explicitly set to >>>>>>> true. >>>>>>> This accommodates pages or frames which want to access each other's >>>>>>> state, >>>>>>> despite being on different origins (but within a site). This is fine for >>>>>>> any pages that wish to do so, but because a page *might* set >>>>>>> document.domain later on, Chromium currently must use site-keyed agent >>>>>>> clusters for *all* pages by default even though the overwhelming >>>>>>> majority >>>>>>> of pages do not ever make use of this (mis-)feature. In turn, this >>>>>>> requires >>>>>>> Chromium to use sites as the basis for renderer process isolation (via >>>>>>> Site >>>>>>> Isolation), which exposes origins to same-site but cross-origin attacks >>>>>>> involving compromised renderer processes or the "Spectre" family of >>>>>>> side-channel attacks. >>>>>>> This proposal changes the default behaviour of Origin-Agent-Cluster. >>>>>>> From a developer's point of view, the new default matches >>>>>>> "Origin-Agent-Cluster: ?1". The initial implementation will use >>>>>>> origin-keyed agent clusters for all (non-opted out) origins, without >>>>>>> changing how many processes Chromium creates. Over time, we can then >>>>>>> adapt >>>>>>> Chromium's isolation strategy towards origin-keyed processes without >>>>>>> further affecting web-visible behaviour. >>>>>>> The developer-visible aspect of this is that for pages with >>>>>>> origin-keyed agent clusters, document.domain is no longer settable. >>>>>>> Thus, >>>>>>> we have marked this intent as a deprecation. >>>>>>> Note that this proposal is about the default. Both modes - >>>>>>> site-keyed or origin-keyed agent clusters - remain available to any >>>>>>> site, >>>>>>> but origin-keyed agent clusters change from opt-in to opt-out. The >>>>>>> current >>>>>>> behaviour remains available by setting "Origin-Agent-Cluster: ?0". >>>>>>> Blink component Blink>SecurityFeature >>>>>>> TAG review https://github.com/w3ctag/design-reviews/issues/564 >>>>>>> Risks: Interoperability and Compatibility >>>>>>> >>>>>>> There are compatibility risks, which we have reduced with outreach >>>>>>> and warnings, and we want to mitigate further by launching at 50% of >>>>>>> beta >>>>>>> first. An extended discussion of the risk (including attempts at >>>>>>> quantitative assessment) can be found in the original intent to ship >>>>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/_oRc19PjpFo/> >>>>>>> . >>>>>>> >>>>>>> Gecko: Standards position request >>>>>>> <https://github.com/mozilla/standards-positions/issues/601>. >>>>>>> ("Worth prototyping") >>>>>>> >>>>>>> WebKit: >>>>>>> https://lists.webkit.org/pipermail/webkit-dev/2021-December/032067.html >>>>>>> (No signals.) >>>>>>> >>>>>>> Web developers: No signals. >>>>>>> >>>>>>> Activation - Deprecation plan >>>>>>> M109: Enable "Origin Agent Cluster by Default" for 50% of page loads >>>>>>> on beta, dev, and canary. >>>>>>> >>>>>>> M110: Enable "Origin Agent Cluster by Default" on stable. >>>>>>> Security This change should be security-positive, since setting >>>>>>> document.domain will not have any impact on the origin of the document >>>>>>> any >>>>>>> more. >>>>>>> Debuggability A deprecation warning has been added to DevTools >>>>>>> console and to the issues panel in M98. This warning will file a >>>>>>> deprecation report as well using the Reporting API, if so configured. >>>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)? Yes >>>>>>> Is this feature fully tested by web-platform-tests >>>>>>> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> >>>>>>> ? This is covered by Origin-keyed Agent Cluster tests >>>>>>> <https://wpt.live/html/browsers/origin/origin-keyed-agent-clusters/> >>>>>>> . >>>>>>> Tracking bug https://crbug.com/1139851 >>>>>>> Launch bug https://crbug.com/1246823 >>>>>>> Link to entry on the Chrome Platform Status >>>>>>> https://chromestatus.com/feature/5428079583297536 (document.domain >>>>>>> setter deprecation) >>>>>>> https://chromestatus.com/features/5683766104162304 (Origin-keyed >>>>>>> agent clusters) >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "blink-dev" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPNEMgvrOehp5%2Bf48yQ62pY3xqXqATPNxWZ6aYQ%2BXeHHAg%40mail.gmail.com >>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPNEMgvrOehp5%2Bf48yQ62pY3xqXqATPNxWZ6aYQ%2BXeHHAg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>>> >>>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to blink-dev+unsubscr...@chromium.org. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfW0vt%2BzXxGf_f7YBF2Lq1K1y5F_VJMtK6whuSiQX9_t3g%40mail.gmail.com >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfW0vt%2BzXxGf_f7YBF2Lq1K1y5F_VJMtK6whuSiQX9_t3g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> >>>> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPPFMpseckt22K5bd%2BRsctwWihiwCdSA9vvCTZw_tOtT5A%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPPFMpseckt22K5bd%2BRsctwWihiwCdSA9vvCTZw_tOtT5A%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- Eiji Kitamura / γγΌγ | Developer Advocate | @agektmr <https://twitter.com/agektmr> | Office Location: Tokyo Shibuya -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOW%3Dx-CvRNWCvcEkpyFDzfQaaSNokVK9DKoFRxe5XyKft1na_w%40mail.gmail.com.