As of Firefox 119, I intend to update the behavior of the Storage Access API to match several updates to the specification. These updates improve the security properties of unpartitioned cookies while still supporting key use cases.
*Summary: *Requesting "storage access" now only affects the frame that makes the call, giving embedees finer-grained control over where unpartitioned cookies are used. To make this improvement in security, a few relaxations were made to preserve ergonomics. Namely, the scope of the storage access permission is relaxed to site-site, user activation is not needed when the permission is already granted, and same-origin self-initiated navigation preserves "storage access". *Standards Body: *W3C Privacy Community Group *Specification:* https://privacycg.github.io/storage-access/ *Bug: *https://bugzilla.mozilla.org/show_bug.cgi?id=1835874 *Other browsers:* * Chrome: *Implemented * Safari: *Supportive, no details on implementation of the per-frame model, implemented the old model *Platform coverage:* Desktop *Web Platform Tests: */storage-access-api/ has been updated to reflect this version of the Storage Access API. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAJCrZTfa5yyhTN2C-4WpAHEDv6qNbE0PSd4MKcivPxEcfHoD8A%40mail.gmail.com.
