-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for partitioned cookies to CookieStore. #206
Conversation
This PR is a change to the CookieStore API spec to support partitioned cookies. These changes could be used to support the Partitioned attribute, a.k.a. CHIPS. There is an open PR in the CHIPS repository adding a note about these changes to the explainer. |
One quick addendum: if user agents implement service worker partitioning (ref) then the cookie's partition key should be the site of the worker's partition key. If user agents don't implement storage partitioning, then partitioned cookies may need to be blocked in service workers. Otherwise, service workers could use partitioned cookies as a cross-site identifier. See the CHIPS explainer for more detail. Service worker partitioning is also mentioned in more detail in this proposal. |
I put together a CL that implements these changes in Chromium. |
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug:1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug:1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug:1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug:1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug:1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug:1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug:1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug:1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug:1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug:1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug:1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug:1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug:1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug: 1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3212611 Commit-Queue: Dylan Cutler <dylancutler@google.com> Reviewed-by: Ayu Ishii <ayui@chromium.org> Reviewed-by: Charlie Harrison <csharrison@chromium.org> Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Maksim Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/main@{#937656}
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug: 1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3212611 Commit-Queue: Dylan Cutler <dylancutler@google.com> Reviewed-by: Ayu Ishii <ayui@chromium.org> Reviewed-by: Charlie Harrison <csharrison@chromium.org> Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Maksim Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/main@{#937656}
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug: 1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3212611 Commit-Queue: Dylan Cutler <dylancutler@google.com> Reviewed-by: Ayu Ishii <ayui@chromium.org> Reviewed-by: Charlie Harrison <csharrison@chromium.org> Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Maksim Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/main@{#937656}
…Store API, a=testonly Automatic update from web-platform-tests Add Partitioned cookie support to CookieStore API This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug: 1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3212611 Commit-Queue: Dylan Cutler <dylancutler@google.com> Reviewed-by: Ayu Ishii <ayui@chromium.org> Reviewed-by: Charlie Harrison <csharrison@chromium.org> Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Maksim Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/main@{#937656} -- wpt-commits: bb30d118adc1c7154c548a28e81d30723e0aaaa8 wpt-pr: 31374
…Store API, a=testonly Automatic update from web-platform-tests Add Partitioned cookie support to CookieStore API This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug: 1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3212611 Commit-Queue: Dylan Cutler <dylancutler@google.com> Reviewed-by: Ayu Ishii <ayui@chromium.org> Reviewed-by: Charlie Harrison <csharrison@chromium.org> Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Maksim Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/main@{#937656} -- wpt-commits: bb30d118adc1c7154c548a28e81d30723e0aaaa8 wpt-pr: 31374
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug: 1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3212611 Commit-Queue: Dylan Cutler <dylancutler@google.com> Reviewed-by: Ayu Ishii <ayui@chromium.org> Reviewed-by: Charlie Harrison <csharrison@chromium.org> Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Maksim Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/main@{#937656}
This CL adds support for Partitioned cookies* to the CookieStore API. It implements the changes proposed in WICG/cookie-store#206 in Chromium. Cookie partitioning will only be active and the `partitioned` field is only considered by `CookieStore.set` or `CookieStore.delete` when the --partitioned-cookies flag is set. *: see https://github.com/WICG/CHIPS Bug: 1225444 Change-Id: I4bdde833c28fa192bb0b5e011a6005a45029b481 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3212611 Commit-Queue: Dylan Cutler <dylancutler@google.com> Reviewed-by: Ayu Ishii <ayui@chromium.org> Reviewed-by: Charlie Harrison <csharrison@chromium.org> Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Maksim Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/main@{#937656} NOKEYCHECK=True GitOrigin-RevId: 4a461f1bb88cd8e12231512641dafcfa7f1cd48b
Wow, this fell off my radar. Is this just waiting for final review/merge, or is there further discussion that should happen first? |
index.bs
Outdated
@@ -689,6 +692,9 @@ The <dfn method for=CookieStore>set(|options|)</dfn> method steps are: | |||
|options|["{{CookieInit/domain}}"], | |||
|options|["{{CookieInit/path}}"], and | |||
|options|["{{CookieInit/sameSite}}"]. | |||
1. If the |options|["{{CookieInit/partitioned}}"] attribute is present and the user agent supports [cookie partitioning](https://github.com/WICG/CHIPS), then | |||
1. If the current browsing context is a service worker, set the cookie's partition key be |origin|'s [=site=]. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should linkify "current browsing context" and "service worker"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also.. this is run after the cookie is set, which seems unusual. ISTM the partition key should be captured before "set a cookie" and passed into it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And should we toss a definition of "partition key" into the cookie-concept section?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the partition key can be up to RFC6265bis to define, since the CookieStore API is not actually concerned with partition key values and the cookie RFC will (some day) specify how to select which partitioned cookies to include in a request. So I do not think this spec needs to be concerned with that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes... but https://wicg.github.io/cookie-store/#cookie-concept basically has "proxy" definitions for RFC6265bis terms, since I don't think we can link directly to them. We can add it later though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Almost there! Just tiny nitpicks.
BTW, I was playing with cookieStore/document.cookie interop and it took me a while to realize that with document.cookie "partitioned" is ignored unless "path" and "secure" are also specified, which are the default with cookieStore but of course not document.cookie. Do you think we should add an example in the "Modifying Cookies" section, or is this well known? |
Tad correction, you only need the "secure" attribute set. The "path" attribute is not necessary 😄
The Secure requirement is a well-known part of the proposal for the definition of Partitioned for RFC6265bis. |
SHA: 880b5ea Reason: push, by inexorabletash Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Thanks for clarifying! https://source.chromium.org/chromium/chromium/src/+/main:net/cookies/canonical_cookie_unittest.cc;l=731 mislead me a bit I guess. |
Ah, this is because Path=/ is required for the __Host- prefix, which that cookie also uses. I can see why that is initially confusing, especially considering Partitioned was originally designed to require __Host- but we loosened it to only require Secure 😄 |
Preview | Diff
Preview | Diff