Re: [blink-dev] Intent to Remove: Legacy Client Hint Mode

We've heard back from Cloudflare and Akamai who don't seem to depend on this legacy Android behavior. This change is currently targeted for M104. ~ Ari Chivukula (Their/There/They're) On Fri, Apr 8, 2022 at 8:01 AM Ari Chivukula wrote: > That's a good question! At t

Re: [blink-dev] Intent to Remove: Legacy Client Hint Mode

would be slated for M107. Given this, I believe this intent is ready for your consideration again. (Note: The summary doc <https://docs.google.com/document/d/1igtMPtVTiX24bVaUo6tBgx3B16-HmUVPG7iDP5HkzD0/edit#heading=h.9km75afvbmv> has been updated) On Mon, May 2, 2022 at 1:35 PM Ari Chi

[blink-dev] Re: [webkit-dev] Intent to Remove: Legacy Client Hint Mode

M104 ~ Ari Chivukula (Their/There/They're) On Tue, May 17, 2022, 10:59 Joe Medley wrote: > Hi, > > In which version do you intend to remove this? > > Joe > > On Monday, March 7, 2022 at 7:54:29 AM UTC-8 ari...@chromium.org wrote: > >> Contact emai

[blink-dev] Intent to Prototype & Ship: Syntax changes to markup based Client Hints delegation

Contact emails aric...@chromium.org, miketa...@chromium.org, yoavw...@chromium.org Prior Intent https://groups.google.com/a/chromium.org/g/blink-dev/c/JQ68cvYuiQU/m/S_33YSqxCwAJ Specification https://github.com/WICG/client-hints-infrastructure/pull/109 Summary There is existing HTML syntax

Re: [blink-dev] Intent to Prototype & Ship: Syntax changes to markup based Client Hints delegation

Combining the addition of the new syntax and the removal of the old one works. I'll update the language on the chrome status feature page. There won't be an issue getting the code in for M105 assuming we get the third LGTM within a week. ~ Ari Chivukula (Their/There/They're) On W

Re: [blink-dev] Intent to Prototype & Ship: Syntax changes to markup based Client Hints delegation

Accept-CH is still the name of the HTTP header to request client hints and Permissions-Policy is still the name of the HTTP header to delegate client hints. This only changes the HTML meta tag name/syntax. ~ Ari Chivukula (Their/There/They're) On Wed, Jul 20, 2022 at 11:39 AM Alex Ru

[blink-dev] Intent to Prototype & Ship: Client Hints persistency in Android WebView

Contact emails aric...@chromium.org, miketa...@chromium.org, yoavw...@chromium.org Specification https://wicg.github.io/client-hints-infrastructure/ Explainer When a page is loaded, the first response from an origin may include a signal (in HTTP headers) for Client Hints to be included in fut

[blink-dev] Intent to Prototype & Ship: Wildcards in Permissions Policy Origins

ork might flag syntax errors in the Issues tab <https://docs.google.com/document/d/1lDEvj8tMeuvUs1HTTqL-44YiI-7ljeQkusM_WhUfIeE/edit> . Is this feature fully tested by web-platform-tests? No, but it will be. Tracking bug https://crbug.com/1345994 Link to entry on the Chrome Platform Stat

Re: [blink-dev] Intent to Prototype & Ship: Wildcards in Permissions Policy Origins

Sorry about that: https://github.com/mozilla/standards-positions/issues/679 https://github.com/WebKit/standards-positions/issues/51 ~ Ari Chivukula (Their/There/They're) On Wed, Aug 31, 2022, 10:06 Yoav Weiss wrote: > > > On Fri, Aug 26, 2022 at 7:27 PM Ari Chivukula > wr

Re: [blink-dev] Intent to Prototype & Ship: Wildcards in Permissions Policy Origins

I'll add a note, but this is actually deliberate. *.foo.com does not match foo.com. ~ Ari Chivukula (Their/There/They're) On Wed, Aug 31, 2022, 10:19 ayumi hamasaki wrote: > The example in the description is a bit confusing found here: > https://chromestatus.com/feature/

Re: [blink-dev] Intent to Prototype & Ship: Wildcards in Permissions Policy Origins

There was one comment on the TAG thread: https://github.com/w3ctag/design-reviews/issues/765#issuecomment-1245616454 Mozilla just published a positive position: https://github.com/mozilla/standards-positions/issues/679 ~ Ari Chivukula (Their/There/They're) On Wed, Sep 7, 2022 at 2:39 PM

Re: [blink-dev] Intent to Prototype & Ship: Wildcards in Permissions Policy Origins

I haven't seen the notes from the meeting (don't see them here: https://github.com/w3ctag/meetings/tree/gh-pages/2022/telcons), do you have a copy and/or can you describe the forward-compatible cases? ~ Ari Chivukula (Their/There/They're) On Wed, Sep 21, 2022 at 11:38 AM Chris H

Re: [blink-dev] Intent to Prototype & Ship: Wildcards in Permissions Policy Origins

Ah, yes I responded to that comment and believe it would be possible to support that future extension without having to un-ship this version of wildcards. ~ Ari Chivukula (Their/There/They're) On Wed, Sep 21, 2022 at 12:21 PM Yoav Weiss wrote: > Essentially, this comment > <http

[blink-dev] Intent to Prototype: Markup based Client Hints delegation for third-party content

Contact emails aric...@chromium.org, jadekess...@chromium.org, miketa...@chromium.org Design Doc https://docs.google.com/document/d/1U3P9yvaT1NXG_qRmY3Lp6Me7M5kTnd3QrBb1yFUVNNk/edit Specification https://wicg.github.io/client-hints-infrastructure/ Summary To support variable fonts

[blink-dev] Intent to Ship: Standardize existing client hint naming

Contact emails aric...@chromium.org, jadekess...@chromium.org, miketa...@chromium.org Design Doc https://docs.google.com/document/d/1yhVLyEIpDhhDQf698WkvXBiPcLwxEgCBI4o1FjvXwfM/edit Specification https://wicg.github.io/client-hints-infrastructure/ https://wicg.github.io/responsive-image-clien

Re: [blink-dev] Intent to Ship: Standardize existing client hint naming

fferent from the > legacy hints (as they don't have the same legacy baggage). Is that correct? > > > On Mon, Oct 11, 2021 at 8:09 PM Ari Chivukula > wrote: > >> Contact emails >> >> aric...@chromium.org, jadekess...@chromium.org, miketa...@chromium.org >>

Re: [blink-dev] Intent to Ship: Standardize existing client hint naming

r working on this, Ari! >>> > >>> > IIUC, this intent will add these new hint names, but would >>> > also ensure their behavior when it comes to 3P delegation would >>> > be different from the legacy hints (as they don't have the same >>> > legacy

Re: [blink-dev] Intent to Deprecate and Remove: WebSQL in third-party contexts

le it (planned to exist until M102, when it'll be removed entirely and not simply disabled by default). ~ Ari Chivukula (Their/There/They're) On Thu, Aug 5, 2021 at 12:21 PM Alex Russell wrote: > LGTM3 with the caveats Yoav outlines. Would like to hear back about the > new usec

Re: [blink-dev] Intent to Deprecate and Remove: WebSQL in third-party contexts

1% usage > <https://www.chromestatus.com/metrics/feature/timeline/popularity/10>. > But I suggest this because: > 1. the current behavior (only 1st party) may be a bit surprising, if not > contextualized with "this feature is being deprecated". > 2. early warning

[blink-dev] Intent to Deprecate: Standardize existing client hint naming

Contact emails aric...@chromium.org, jadekess...@chromium.org, miketa...@chromium.org Design Doc https://docs.google.com/document/d/1yhVLyEIpDhhDQf698WkvXBiPcLwxEgCBI4o1FjvXwfM/edit https://docs.google.com/document/d/1X5bEbIZ9U2DQhB_4yWxVuR9rGnnWjAOW-gSdlINbnNU/edit Specification https://wicg

Re: [blink-dev] Intent to Deprecate and Remove: WebSQL in third-party contexts

d. Some of this depends on how well the third-party WebSQL removal happening between M97 and M101 goes. TL;DR No first-party WebSQL warning has been added and no plans are final. ~ Ari Chivukula (Their/There/They're) On Thu, Nov 18, 2021, 23:04 Antonio Moreno wrote: > Hi all, > > Qui

[blink-dev] Intent to Prototype: Markup based Client Hints delegation for third-party content

Contact emails aric...@chromium.org, jadekess...@chromium.org, miketa...@chromium.org Design Doc https://docs.google.com/document/d/1U3P9yvaT1NXG_qRmY3Lp6Me7M5kTnd3QrBb1yFUVNNk/edit Specification https://wicg.github.io/client-hints-infrastructure/ Summary To support content negotiation use c

[blink-dev] Intent to Ship: Markup based Client Hints delegation for third-party content

Contact emails aric...@chromium.org, jadekess...@chromium.org, miketa...@chromium.org Design Doc https://docs.google.com/document/d/1U3P9yvaT1NXG_qRmY3Lp6Me7M5kTnd3QrBb1yFUVNNk/edit Specification https://wicg.github.io/client-hints-infrastructure/ Intent to Prototype https://groups.google.c

Re: [blink-dev] Intent to Prototype: Markup based Client Hints delegation for third-party content

Please ignore this thread and use https://groups.google.com/a/chromium.org/g/blink-dev/c/JQ68cvYuiQU instead. This one was mislabeled as an intent to prototype, when it should be an intent to ship. On Monday, December 20, 2021 at 2:00:00 PM UTC-8 Ari Chivukula wrote: > Contact emails >

[blink-dev] Re: Intent to Ship: Markup based Client Hints delegation for third-party content

Reaching out for review now that we're past the holiday season. I'm hoping to make the M99 branch cut on the 20th. On Mon, Dec 20, 2021 at 2:01 PM Ari Chivukula wrote: > Contact emails > > aric...@chromium.org, jadekess...@chromium.org, miketa...@chromium.org > &g

Re: [blink-dev] Re: Intent to Ship: Markup based Client Hints delegation for third-party content

Hi API owners! Wanted to bump this thread since we're getting close to the M99 branch cut (this Thursday). This could be launched to beta only, but since there's been developer interest in this feature we would like to launch it with M99 if possible. ~ Ari Chivukula (Their/There/The

[blink-dev] [webkit-dev] Intent to Remove: Legacy Client Hint Mode

Contact emails aric...@chromium.org, jadekess...@chromium.org, miketa...@chromium.org Design Doc https://docs.google.com/document/d/1igtMPtVTiX24bVaUo6tBgx3B16-HmUVPG7iDP5HkzD0/edit Specification https://wicg.github.io/client-hints-infrastructure/ Summary One residue of the rapid Client Hint

[blink-dev] [webkit-dev] Intent to Ship: Add Save Data Client Hint

Contact emails aric...@chromium.org, jadekess...@chromium.org, miketa...@chromium.org Design Doc https://docs.google.com/document/d/1sRYGWL2H_qFQamffUbojBiQdbJ1uAmptr3F_jjx5VSI/edit Specification https://wicg.github.io/savedata/ https://wicg.github.io/client-hints-infrastructure/ Summary Th

[blink-dev] Intent to Remove: Legacy Client Hint Mode

Fixing the subject prefix, apologies. On Mon, Mar 7, 2022 at 7:54 AM Ari Chivukula wrote: > Contact emails > > aric...@chromium.org, jadekess...@chromium.org, miketa...@chromium.org > > Design Doc > > > https://docs.google.com/document/d/1igtMPtVTiX24bVaUo6tBgx3B

[blink-dev] Intent to Ship: Add Save Data Client Hint

Fixing the subject prefix, apologies. On Mon, Mar 7, 2022 at 7:55 AM Ari Chivukula wrote: > Contact emails > > aric...@chromium.org, jadekess...@chromium.org, miketa...@chromium.org > > Design Doc > > > https://docs.google.com/document/d/1sRYGWL2H_qFQamffUbojBiQd

Re: [blink-dev] Intent to Ship: Add Save Data Client Hint

Sorry for not including timeline info. The plan is: M102 will include the new Sec-CH-Save-Data header. No plan to remove the legacy Save-Data header at this moment. On Mon, Mar 7, 2022 at 7:57 AM Ari Chivukula wrote: > Fixing the subject prefix, apologies. > > On Mon, Mar 7, 2022 a

Re: [blink-dev] Intent to Remove: Legacy Client Hint Mode

blog/client-hints>, and Peakhour <https://www.peakhour.io/docs/responsive-design/client-hints/> in search results. I could try tagging some of them in a GitHub issue but wasn't sure if there's a better way to reach a wider audience. ~ Ari Chivukula (Their/There/They're) On Wed,

Re: [blink-dev] Intent to Remove: Legacy Client Hint Mode

h, or device-memory being auto-delegated to all third party sites when requested by a first party on Android. That's the legacy behavior that's being proposed for removal (ideally with M102). ~ Ari Chivukula (Their/There/They're) On Fri, Mar 11, 2022 at 10:54 AM Eric Portis wrote:

[blink-dev] Intent to Prototype: Cookie Expires/Max-Age attribute upper limit

Contact emails aric...@chromium.org, jadekess...@chromium.org, miketa...@chromium.org Specification https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-expires-attribute Summary When cookies are set with an explicit Expires/Max-Age attribute the value will now be cap

Re: [blink-dev] Intent to Ship: Add Save Data Client Hint

policy is touched the old `Save-Data` header wouldn't be sent at all under this intent. ~ Ari Chivukula (Their/There/They're) On Tue, Mar 15, 2022 at 11:05 AM Mike West wrote: > Hey Avi! > > Two questions, one small, one large: > > First, to reduce header bloat, the

Re: [blink-dev] Intent to Ship: Add Save Data Client Hint

questing Sec-CH-Save-Data or modifying the CH-Save-Data permissions policy *will prevent* the old `Save-Data` header from being sent." ~ Ari Chivukula (Their/There/They're) On Wed, Mar 16, 2022 at 1:29 AM Mike West wrote: > On Tue, Mar 15, 2022 at 7:57 PM Ari Chivukula > wrote:

Re: [blink-dev] Intent to Ship: Add Save Data Client Hint

As for usage, it's hard to gauge because it's sent by default when Android Lite Mode is on. We're betting on the limited cases in which it's ever sent going to zero (with the removal of Android Lite Mode) to facilitate this. ~ Ari Chivukula (Their/There/They're) On Wed

Re: [blink-dev] Re: Intent to Ship: Markup based Client Hints delegation for third-party content

This is a good point, I'm working to fix the standard to reflect the way Chrome handles the parsing. Open to feedback if I'm missing something. https://github.com/WICG/client-hints-infrastructure/pull/103 ~ Ari Chivukula (Their/There/They're) On Wed, Mar 23, 2022 at 9:24 AM D

Re: [blink-dev] Intent to Ship: Add Save Data Client Hint

://github.com/WICG/savedata/pull/5 https://github.com/WICG/client-hints-infrastructure/pull/101 We can revisit re-naming in the future if desired, after this is launched. ~ Ari Chivukula (Their/There/They're) On Wed, Mar 16, 2022 at 6:48 AM Ari Chivukula wrote: > As for usage, it's hard to

Re: [blink-dev] Intent to Remove: Legacy Client Hint Mode

r.io/docs/responsive-design/client-hints/> but haven't heard from them on this thread. ~ Ari Chivukula (Their/There/They're) On Sat, Mar 12, 2022 at 2:32 PM Ari Chivukula wrote: > The modern syntax (I assume you mean third-party delegation of client > hints via HTML) is shippi

[blink-dev] Intent to Ship: Cookie Expires/Max-Age attribute upper limit

Contact emails aric...@chromium.org, miketa...@chromium.org Specification https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-expires-attribute Summary When cookies are set with an explicit Expires/Max-Age attribute the value will now be capped to no more than 400 da

Re: [blink-dev] Intent to Remove: Legacy Client Hint Mode

Right now it's on track for M103, which has a branch cut in May and a release in June. I have no issue pushing this back to M104 (branch in June and release in July) to get a full 3 month buffer. Thanks for the outreach! ~ Ari Chivukula (Their/There/They're) On Thu, Apr 7, 2022 at 2:

Re: [blink-dev] Intent to Ship: Cookie Expires/Max-Age attribute upper limit

existing logged-in site newly updates its login cookies and then isn't visited for 400 days, the login cookies will expire after 400 days of inactivity. Any newly logged-in site will have the 400 day limit imposed. ~ Ari Chivukula (Their/There/They're) On Fri, Apr 8, 2022 at 12:14 AM

Re: [blink-dev] Intent to Remove: Legacy Client Hint Mode

-ch-device-memory) as behavior is now identical, but until usage drops off no action will be taken. I doubt that will change until 2023. ~ Ari Chivukula (Their/There/They're) On Fri, Apr 8, 2022 at 1:43 AM Jon Arne Sæterås wrote: > Thank you for the ping Eric. > For ImageEngine &l

Re: [blink-dev] Intent to Ship: Cookie Expires/Max-Age attribute upper limit

lock get reset: on visit or on > cookie renewal? > > On Fri, Apr 8, 2022 at 4:59 PM Ari Chivukula wrote: > >> Cookies already in storage will not have this new limit imposed, but any >> cookies newly set or updated will have it imposed. >> >> If an existing log

Re: [blink-dev] Intent to Ship: Cookie Expires/Max-Age attribute upper limit

fects are first felt. ~ Ari Chivukula (Their/There/They're) On Mon, Apr 11, 2022, 02:03 Yoav Weiss wrote: > Thanks! It seems like we'd need to tell developers then that they need to > update their cookies on every site visit. I don't know if this is a big > change from wha

Re: [blink-dev] Intent to Ship: Cookie Expires/Max-Age attribute upper limit

change but pre-site refresh change, and then wait 400 days to try to use the site again for their login to expire. ~ Ari Chivukula (Their/There/They're) On Mon, Apr 11, 2022, 05:18 Yoav Weiss wrote: > IIUC from offline conversations, once we start changing the expiration > dates of

Re: [blink-dev] Intent to Ship: Add Save Data Client Hint

I'm aiming to meet that deadline, yes. https://chromium-review.googlesource.com/c/chromium/src/+/3575367 ~ Ari Chivukula (Their/There/They're) On Mon, Apr 11, 2022 at 10:30 AM Joe Medley wrote: > Is this shipping in 102? > > On Wednesday, April 6, 2022 at 8:17:09 AM UTC-7 D

Re: [blink-dev] Intent to Ship: Cookie Expires/Max-Age attribute upper limit

Here's a design doc for the additional data to be measured: https://docs.google.com/document/d/1x7_2wVY2gSEfMlvpS4AoQtN5x7fHG_AsQ01V4CkSELI/edit The target ship date for this thread is now M103, but we're still looking for LGTMs. ~ Ari Chivukula (Their/There/They're) On Mon, Ap

Re: [blink-dev] Intent to Ship: Cookie Expires/Max-Age attribute upper limit

Deal, but let's call metrics for M103 and the feature in M104. ~ Ari Chivukula (Their/There/They're) On Mon, Apr 11, 2022 at 8:57 PM Yoav Weiss wrote: > LGTM1 conditional on: > >- Landing the metrics in M102 and the feature in M103 >- Coming back to this thread

[blink-dev] Intent to Ship: Extending Storage Access API (SAA) to non-cookie storage

Contact emails aric...@chromium.org, wanderv...@chromium.org, johann...@chromium.org, rosh...@google.com Specification https://privacycg.github.io/saa-non-cookie-storage/ Design Doc https://docs.google.com/document/d/19qCGb4qwOcGiNrQM3ptWvRmB4JtpaTFgFVlWLXNOQ6c/edit Feedback https://github.c

Re: [blink-dev] Intent to Ship: Extending Storage Access API (SAA) to non-cookie storage

Sorry about that, it's been resolved and https://privacycg.github.io/saa-non-cookie-storage/ is now a draft spec. ~ Ari Chivukula (Their/There/They're) On Thu, Mar 14, 2024, 21:47 Domenic Denicola wrote: > > > On Thu, Mar 14, 2024 at 10:27 PM Ari Chivukula > wrot

[blink-dev] Re: Intent to Ship: Extending Storage Access API (SAA) to non-cookie storage

th the iframe's site in a top-level context in the past). ~ Ari Chivukula (Their/There/They're) On Wed, Mar 20, 2024 at 7:29 AM Yoav Weiss (@Shopify) < yoavwe...@chromium.org> wrote: > > > On Thursday, March 14, 2024 at 2:27:20 PM UTC+1 Ari Chivukula wrote: > &g

[blink-dev] Re: Intent to Ship: Extending Storage Access API (SAA) to non-cookie storage

gun here, but given the direction these APIs seem to be heading I don't think the risk is high. What are the chances vendors decide to add new storage mechanisms that are loaded at document initialization with all data synchronously available? ~ Ari Chivukula (Their/There/They're)

[blink-dev] Intent to Prototype and Ship: Align navigator.cookieEnabled with spec

Contact emails aric...@chromium.org, johann...@google.com Specification https://html.spec.whatwg.org/multipage/system-state.html#cookies Summary navigator.cookieEnabled currently indicates if “the user agent attempts to

Re: [blink-dev] Intent to Prototype and Ship: Align navigator.cookieEnabled with spec

We discussed having this be a PSA+fix, but since developers testing 3PCD have been living in this world for a while and Firefox also has the behavior, it seemed better to go the long route. ~ Ari Chivukula (Their/There/They're) On Tue, Apr 30, 2024 at 11:34 AM Rick Byers wrote: > See

[blink-dev] Intent to Prototype: Partitioned Popins

Contact emails aric...@chromium.org, johann...@chromium.org, kaustub...@chromium.org Explainer https://github.com/arichiv/partitioned-popins/ Summary A new web primitive is needed to cover short-lived popup use cases which require access to storage partitioned by the popup opener. This primiti

Re: [blink-dev] Re: Intent to Ship: Extending Storage Access API (SAA) to non-cookie storage

ocument.hasUnpartitionedCookieAccess(); // access1 equals access2 equals true. ~ Ari Chivukula (Their/There/They're) On Wed, Apr 3, 2024 at 11:57 AM Rick Byers wrote: > LGTM3 > > On Wed, Apr 3, 2024 at 11:30 AM Daniel Bratell > wrote: > >> LGTM2 >> >> /Danie

Re: [blink-dev] Re: Intent to Ship: Partitioning Storage, Service Workers, and Communication APIs

e new handle returned from a call to requestStorageAccess outlined here: https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess The handle returned would grant unpartitioned storage access whether or not the calling context itself were partitioned. ~ Ari Chivukula (Their/

[blink-dev] PSA: Opener Storage Partitioning Explainer

*Contact Emails* aric...@chromium.org, ahem...@chromium.org, tito...@chromium.org, miketa...@chromium.org, cl...@chromium.org *Explainer* https://github.com/arichiv/opener-storage-partitioning/blob/main/README.md *Summary* This proposal seeks to prevent or limit same-origin cross-frame communicat

Re: [blink-dev] PSA: Opener Storage Partitioning Explainer

add this to the list to track. ~ Ari Chivukula (Their/There/They're) On Fri, Sep 1, 2023 at 6:45 PM Charlie Reis wrote: > Thanks for sharing. I have a few questions and concerns about this > approach, which might be worth discussing. > > 1) Giving transient storage to windows

[blink-dev] PSA: Extending Storage Access API (SAA) to non-cookie storage Explainer

*Contact Emails* aric...@chromium.org, hele...@google.com, johann...@chromium.org, wanderv...@chromium.org *Explainer* https://arichiv.github.io/saa-non-cookie-storage/ *Summary* To prevent certain types of cross-site tracking, storage and communication APIs in third party contexts are being part

Re: [blink-dev] Re: Intent to Prototype & Ship: Cookie Expires/Max-Age attribute upper limit for prior storage

after that time. For example: Site X stored Cookie Y pre-M104 expires January 1, . M119 first launched by user January 1, 2024. Cookie Y now expires February 4, 2025. Site X renews Cookie Y by storing it again January 1, 2025. Cookie Y now expires February 5, 2026. ~ Ari Chivukula (Their/There/The

[blink-dev] Intent to Prototype: Extending Storage Access API (SAA) to non-cookie storage

Contact emails aric...@chromium.org, wanderv...@chromium.org, johann...@chromium.org, hele...@google.com Specification https://arichiv.github.io/saa-non-cookie-storage/ Summary We propose an extension of the Storage Access API (bac

[blink-dev] Intent to Experiment: Extending Storage Access API (SAA) to non-cookie storage

Contact emails aric...@chromium.org, wanderv...@chromium.org, johann...@chromium.org, hele...@google.com Specification https://arichiv.github.io/saa-non-cookie-storage/ Feedback https://github.com/arichiv/saa-non-cookie-storage/issues Intent to Prototype https://groups.google.com/a/chromi

Re: [blink-dev] Intent to Experiment: Extending Storage Access API (SAA) to non-cookie storage

Done. ~ Ari Chivukula (Their/There/They're) On Fri, Oct 27, 2023 at 5:25 PM Chris Harrelson wrote: > Can you please also fill out the *Goals for experimentation* section? > > On Thu, Oct 26, 2023 at 8:21 AM Ari Chivukula > wrote: > >> Contact emails >>

[blink-dev] Intent to Prototype: Opener Protections

Contact emails aric...@chromium.org, johann...@chromium.org, cl...@chromium.org Specification https://arichiv.github.io/opener-storage-partitioning/ Summary This proposal seeks to prevent or limit cross-storage-partition cross-frame communication that can bypass storage partitioning

[blink-dev] Re: Intent to Prototype: Extending Storage Access API (SAA) to non-cookie storage

ocs/Web/API/Broadcast_Channel_API>which would allow for cross-tab messaging without the need to be online. ~ Ari Chivukula (Their/There/They're) On Tue, Nov 28, 2023 at 4:35 PM Jesper van den Ende wrote: > Hi all, > > I noticed the TODOs for shared workers were removed. > M

[blink-dev] Re: Intent to Prototype: Extending Storage Access API (SAA) to non-cookie storage

en-US/docs/Web/API/URL/createObjectURL_static) and sharing the resulting URL via BroadcastChannel or other means may work, but I'm unsure about the efficiency of such an approach. ~ Ari Chivukula (Their/There/They're) On Tue, Nov 28, 2023 at 5:35 PM Jesper van den Ende wrote: > Aweso

[blink-dev] Re: Intent to Prototype: Extending Storage Access API (SAA) to non-cookie storage

ge between frames without some sort of extension mediating the process AFAIK. ~ Ari Chivukula (Their/There/They're) On Wed, Nov 29, 2023 at 4:34 PM Jesper van den Ende wrote: > Ah that's too bad. > I don't think using object urls would be performant. The data in the > Arr

Re: [blink-dev] Intent to Experiment: Extending Storage Access API (SAA) to non-cookie storage

. Shared Workers will be re-examined in a future extension, I hope to publish more on this within a month. ~ Ari Chivukula (Their/There/They're) On Thu, Oct 26, 2023 at 11:21 AM Ari Chivukula wrote: > Contact emails > > aric...@chromium.org, wanderv...@chromium.org, johann...@chromi

Re: [blink-dev] Re: Intent to Ship: Partitioning Storage, Service Workers, and Communication APIs

Heads up that there's an Origin Trial which allows unpartitioned access to some storage and communication mechanisms via SAA (the same mechanism that grants unpartitioned cookie access): https://developer.chrome.com/blog/saa-non-cookie-storage/ ~ Ari Chivukula (Their/There/They're) O

Re: [blink-dev] Intent to Experiment: Extending Storage Access API (SAA) to non-cookie storage

/chromium-review.googlesource.com/c/chromium/src/+/5177156> will be included in M122. Please report any further issues to https://github.com/arichiv/saa-non-cookie-storage/issues, thanks! ~ Ari Chivukula (Their/There/They're) On Mon, Dec 4, 2023 at 9:54 AM Ari Chivukula wrote: > A blog post on h

Re: [blink-dev] PSA: Extending Storage Access API (SAA) to non-cookie storage Explainer

plainer proposes a solution for developers to regain third-party access to Shared Workers in select instances to avoid user-facing breakage in browsers shipping storage partitioning. On Fri, Sep 8, 2023 at 9:52 AM Ari Chivukula wrote: > *Contact Emails* > aric...@chromium.org, hele...@google.com

Re: [blink-dev] Intent to Experiment: Extending Storage Access API (SAA) to non-cookie storage

s without a robust way to manage cross-tab state for frames loading the same origin. This explainer proposes a solution for developers to regain third-party access to Shared Workers in select instances to avoid user-facing breakage in browsers shipping storage partitioning. ~ Ari Chivukula (Their/T

Re: [blink-dev] Intent to Experiment: Extending Storage Access API (SAA) to non-cookie storage

<https://privacycg.github.io/saa-non-cookie-storage/omit-unpartitioned-cookies.html> Explainer: Extending Storage Access API (SAA) to Shared Workers <https://privacycg.github.io/saa-non-cookie-storage/shared-workers.html> Discussion <https://github.com/privacycg/saa-non-cookie-storage/issues> ~ Ar

Re: [blink-dev] Intent to Experiment: Extending Storage Access API (SAA) to non-cookie storage

Chrome 123 is adding Shared Worker support to the SAA extension. A blog post on how to participate in the OT is here: https://developer.chrome.com/blog/saa-non-cookie-storage/ ~ Ari Chivukula (Their/There/They're) On Mon, Jan 29, 2024 at 1:41 PM Ari Chivukula wrote: > Please note

[blink-dev] Intent to Extend Experiment: Extending Storage Access API (SAA) to non-cookie storage

Contact emails aric...@chromium.org, wanderv...@chromium.org, johann...@chromium.org, cfred...@chromium.org, kaustub...@chromium.org Specification https://privacycg.github.io/saa-non-cookie-storage/ Feedback https://github.com/privacycg/saa-non-cookie-storage/issues Design Doc https://docs.g

Re: [blink-dev] Proposal of web facing feature about Sec-GPC implementation

specification. https://privacycg.github.io/gpc-spec/ Some examples of the format in action can be found here: https://groups.google.com/a/chromium.org/g/blink-dev/search?q=subject%3Aintent%20subject%3Ato%20subject%3Aprototype ~ Ari Chivukula (Their/There/They're) On Fri, Jan 20, 2023 at 12:

Re: [blink-dev] Proposal of web facing feature about Sec-GPC implementation

Maxim ended up abandoning the CL to add GPC for lack of time, but support exists for any contributor who wants to pick that torch back up. If you're interested please reach out to myself or Jeffrey (cc'd) for support on the code and/or on navigating the launch process. ~ Ari Chivuk

Re: [blink-dev] Intent to Deprecate: non-standard `shadowroot` attribute for declarative shadow DOM

That is the correct path! Updating the docs here: https://chromium-review.googlesource.com/c/website/+/4289233 ~ Ari Chivukula (Their/There/They're) On Fri, Feb 24, 2023 at 1:34 PM Mason Freed wrote: > > > On Tue, Feb 21, 2023 at 11:45 PM Yoav Weiss > wrote: > >> On

[blink-dev] Intent to Prototype & Ship: Expanded Wildcards in Permissions Policy Origins

Contact emails aric...@chromium.org, miketa...@chromium.org, iclell...@chromium.org Prior Work Wildcards in Permissions Policy Origins Specification https://github.com/w3c/webappsec-permissions-policy/pull/482 Background In M108 Chrome add

[blink-dev] Intent to Prototype & Ship: Report Critical-CH caused restart in NavigationTiming

Contact emails aric...@chromium.org, miketa...@chromium.org, yoavwe...@chromium.org Specification https://github.com/w3c/navigation-timing/pull/188 Summary Websites can indicate that a particular Client Hint is critical to the page by inclu

Re: [blink-dev] Intent to Prototype & Ship: Expanded Wildcards in Permissions Policy Origins

chrome is unblocked. On Wed, Apr 5, 2023, 4:57 AM Yoav Weiss wrote: > > > On Tue, Mar 14, 2023 at 3:34 PM Ari Chivukula > wrote: > >> Contact emails >> >> aric...@chromium.org, miketa...@chromium.org, iclell...@chromium.org >> >> >> Prior

Re: [blink-dev] Intent to Prototype & Ship: Expanded Wildcards in Permissions Policy Origins

I don't have a draft of the CSP or Permissions Policy spec changes yet. There won't be any breaking changes for either needed, the change is to a superset of supported matching options for Permissions Policy. ~ Ari Chivukula (Their/There/They're) On Wed, Apr 5, 2023 at 11:22 

Re: [blink-dev] Intent to Prototype & Ship: Report Critical-CH caused restart in NavigationTiming

That differs from my past experience (in which a proposed spec change is sufficient to move forward with a launch), but if you want me to build and test it all behind a flag before I get the go ahead here that's fine. ~ Ari Chivukula (Their/There/They're) On Wed, Apr 19, 2023 at 11:

Re: [blink-dev] Intent to Prototype & Ship: Report Critical-CH caused restart in NavigationTiming

Works for me, didn't realize that was the standard order. ~ Ari Chivukula (Their/There/They're) On Wed, Apr 19, 2023 at 11:58 AM Rick Byers wrote: > Hi Ari, > The documented process > <https://www.chromium.org/blink/launching-features/#new-feature-prepare-to-ship> >

[blink-dev] Intent to Extend Experiment: User-Agent Reduction Deprecation Origin Trial

Contact emails aric...@chromium.org, victor...@chromium.org, miketa...@chromium.org Original I2E https://groups.google.com/a/chromium.org/g/blink-dev/c/-2OW78CB1-A/ Origin Trial Overview https://docs.google.com/document/d/1d-K43rzfDGxNM4H6Yzh5lV08KJwLsae06i4Q0A8snME/edit Client Hints Infrastr

Re: [blink-dev] Intent to Extend Experiment: User-Agent Reduction Deprecation Origin Trial

The extension was approved until September 23, 2023. It looks like that's the standard final date for OTs that support M115. https://developer.chrome.com/origintrials/#/view_trial/2608710084154359809 ~ Ari Chivukula (Their/There/They're) On Fri, May 19, 2023 at 1:40 PM Rick By

Re: [blink-dev] Intent to Prototype & Ship: Report Critical-CH caused restart in NavigationTiming

I'm back! The code has been merged behind a flag w/ wpts: https://chromium-review.googlesource.com/c/chromium/src/+/4538244 The spec changes have been merged too: https://github.com/w3c/navigation-timing/pull/188 https://github.com/WICG/client-hints-infrastructure/pull/153 ~ Ari Chivukula (

Re: [blink-dev] Intent to Prototype & Ship: Expanded Wildcards in Permissions Policy Origins

Code and WPTs shipped here: https://chromium-review.googlesource.com/c/chromium/src/+/4555927 Spec shipped here: https://github.com/w3c/webappsec-permissions-policy/pull/516 ~ Ari Chivukula (Their/There/They're) On Wed, Apr 19, 2023 at 12:05 PM Rick Byers wrote: > Hi Ari, >

Re: [blink-dev] Intent to Prototype & Ship: Expanded Wildcards in Permissions Policy Origins

ose to disagree, we should just be clear about where any > disagreement is. > > Thanks, >Rick > > On Fri, Jun 9, 2023 at 12:05 PM Ari Chivukula > wrote: > >> Code and WPTs shipped here: >> https://chromium-review.googlesource.com/c/chromium/src/+/4555927 >>

[blink-dev] Intent to Prototype & Ship: Clear-Site-Data header wildcard syntax

Contact emails aric...@chromium.org, miketa...@chromium.org, yoavwe...@chromium.org Specification https://w3c.github.io/webappsec-clear-site-data/ Summary Websites will now be able to clear all storage targets (“cookies”, “cache”, and “storage”) by sending `Clear-Site-Data: “*”`. Note that Chr

[blink-dev] Clear Client Hints via Clear-Site-Data header

Contact emails aric...@chromium.org, miketa...@chromium.org, yoavwe...@chromium.org Specification https://w3c.github.io/webappsec-clear-site-data/ Summary Websites will now be able to clear the client hints cache using `Clear-Site-Data: “clientHints”`. Client hints will also now be cleared whe

[blink-dev] Intent to Prototype & Ship: Clear Client Hints via Clear-Site-Data header

Updating subject to reflect intent. ~ Ari Chivukula (Their/There/They're) On Mon, Jul 17, 2023, 14:35 Ari Chivukula wrote: > Contact emails > > aric...@chromium.org, miketa...@chromium.org, yoavwe...@chromium.org > > Specification > > https://w3c.github.io

Re: [blink-dev] Intent to Prototype & Ship: Clear-Site-Data header wildcard syntax

Replies inline. ~ Ari Chivukula (Their/There/They're) On Tue, Jul 18, 2023 at 1:59 PM Rick Byers wrote: > Seems like a pretty tiny addition to an already shipped feature. Just one > question on future compat: > > On Mon, Jul 17, 2023 at 7:34 AM Ari Chivukula > wrote:

Re: [blink-dev] Intent to Prototype & Ship: Clear Client Hints via Clear-Site-Data header

Wanted to bump review for this, thanks! ~ Ari Chivukula (Their/There/They're) On Tue, Jul 18, 2023 at 2:00 PM Rick Byers wrote: > Seems like a pretty minor and straightforward addition to an already > shipped feature to me. LGTM1 > > On Mon, Jul 17, 2023 at 4:39 PM Ari C

[blink-dev] Intent to Prototype & Ship: Cookie Expires/Max-Age attribute upper limit for prior storage

Contact emails aric...@chromium.org, miketa...@chromium.org, bing...@chromium.org Specification https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-expires-attribute Summary Since M104 cookies newly created or updated with an expiration date would have that date capp

[blink-dev] Re: Intent to Prototype & Ship: Cookie Expires/Max-Age attribute upper limit for prior storage

motivation for this change is to require, now that we're about to hit 400 days since the cap was imposed on new/updated cookies, that no special privileges be extended to cookies that just happened to have been stored before. ~ Ari Chivukula (Their/There/They're) On Wed, Aug 2, 2023 at 3:

Re: [blink-dev] Re: Intent to Prototype & Ship: Cookie Expires/Max-Age attribute upper limit for prior storage

e set once and never again, but given cookie retention timelines are not guaranteed sites should not do this. The actual expiration time of the cookie isn't returned in the cookie header or document.cookie, so sites should already be refreshing cookies (by setting them again) on occasion.

  1   2   >