Add support for partitioned cookies to CookieStore.

explainer.md

@@ -14,9 +14,12 @@
   + [Read a cookie](#read-a-cookie)
   + [Read multiple cookies](#read-multiple-cookies)
   + [Read the cookies for a specific URL](#read-the-cookies-for-a-specific-url)
+  + [Read a partitioned cookie](#read-a-partitioned-cookie)
 * [The Modifications API](#the-modifications-api)
   + [Write a cookie](#write-a-cookie)
+  + [Write a partitioned cookie](#write-a-partitioned-cookie)
   + [Delete a cookie](#delete-a-cookie)
+  + [Delete a partitioned cookie](#delete-a-partitioned-cookie)
   + [Access all the cookie data](#access-all-the-cookie-data)
 * [The Change Events API](#the-change-events-api)
   + [Get change events in documents](#get-change-events-in-documents)
@@ -263,6 +266,22 @@ any URL under their scope.
 Documents can only obtain the cookies at their current URL. In other words,
 the only valid `url` value in Document contexts is the document's URL.
 
+### Read a partitioned cookie
+
+If the user agent supports
+[cookie partitioning](https://github.com/DCtheTall/CHIPS), then the cookie
+objects will have a boolean value indicating if the cookie is partitioned.
+
+```javascript
+// Read a cookie set without the Partitioned attribute.
+const cookie = await cookieStore.get('session_id');
+console.log(cookie.partitioned);  // -> false
+
+// Read a Partitioned cookie from a third-party context.
+const cookie = await cookieStore.get('__Host-third_party_session_id');
+console.log(cookie.partitioned);  // -> true
+```
+
 ## The Modifications API
 
 Both documents and service workers access the same modification API, via the
@@ -292,6 +311,21 @@ await cookieStore.set({
 });
 ```
 
+### Write a partitioned cookie
+
+If the user agent supports [cookie partitioning](https://github.com/WICG/CHIPS)
+then you can set a partitioned cookie in a third-party context using the following.
+
+```javascript
+await cookieStore.set({
+  name: '__Host-third_party_session_id',
+  value: 'foobar',
+  path: '/',
+  sameSite: 'none'
+  // `Secure` is implicitly set
+});
+```
+
 ### Delete a cookie
 
 ```javascript
@@ -316,6 +350,27 @@ try {
 }
 ```
 
+### Delete a partitioned cookie
+
+If the user agent supports [cookie partitioning](https://github.com/WICG/CHIPS)
+then it is possible for a site to set both a partitioned and unpartitioned
+cookie with the same name.
+
+In this edge case, if a site would like to distinguish between whether they
+want to delete their partitioned and unpartitioned cookie, they can provide
+a `partitioned` attribute. If the site wants to delete the partitioned cookie,
+the site could use:
+
+```javascript
+await cookieStore.delete({
+  name: '__Host-third_party_session_id',
+  partitioned: true
+});
+```
+
+If the site wants to delete the unpartitioned cookie, change the `partitioned`
+field to `false`.
+
 ### Access all the cookie data
 
 The objects returned by `get` and `getAll` contain all the information in the

index.bs

@@ -500,12 +500,14 @@ dictionary CookieInit {
   USVString? domain = null;
   USVString path = "/";
   CookieSameSite sameSite = "strict";
+  boolean partitioned = false;
 };
 
 dictionary CookieStoreDeleteOptions {
   required USVString name;
   USVString? domain = null;
   USVString path = "/";
+  boolean partitioned;
 };
 
 dictionary CookieListItem {
@@ -516,6 +518,7 @@ dictionary CookieListItem {
   DOMTimeStamp? expires;
   boolean secure;
   CookieSameSite sameSite;
+  boolean partitioned;
 };
 
 typedef sequence<CookieListItem> CookieList;
@@ -689,6 +692,9 @@ The <dfn method for=CookieStore>set(|options|)</dfn> method steps are:
         |options|["{{CookieInit/domain}}"],
         |options|["{{CookieInit/path}}"], and
         |options|["{{CookieInit/sameSite}}"].
+    1. If the |options|["{{CookieInit/partitioned}}"] attribute is present and the user agent supports [cookie partitioning](https://github.com/WICG/CHIPS), then
+      1. If the current browsing context is a service worker, set the cookie's partition key be |origin|'s [=site=].
+      1. If the current browsing context is an HTML document, then the cookie's partition key is the [=site=] of the topmost frame.
     1. If |r| is failure, then [=reject=] |p| with a {{TypeError}} and abort these steps.
     1. [=/Resolve=] |p| with undefined.
 1. Return |p|.
@@ -743,6 +749,11 @@ The <dfn method for=CookieStore>delete(|options|)</dfn> method steps are:
         |options|["{{CookieStoreDeleteOptions/name}}"],
         |options|["{{CookieStoreDeleteOptions/domain}}"], and
         |options|["{{CookieStoreDeleteOptions/path}}"].
+    1. If the |options|["{{CookieStoreDeleteOptions/partitioned}}"] field is present and the user agent supports [cookie partitioning](https://github.com/WICG/CHIPS), then
+      1. If the value is |false|, then |r| should only match cookies with no partition key.
+      1. If the value is |true|, then
+        1. If the browsing context is a service worker, then |r| should only match cookies whose partition key is the [=site=] of |origin|.
+        1. If the browsing context is an HTML document, then |r| should only match cookies whose partition key is the [=site=] of the topmost frame.
     1. If |r| is failure, then [=reject=] |p| with a {{TypeError}} and abort these steps.
     1. [=/Resolve=] |p| with undefined.
 1. Return |p|.
@@ -1067,14 +1078,16 @@ To <dfn>create a {{CookieListItem}}</dfn> from |cookie|, run the following steps
         : \``Lax`\`
         :: Let |sameSite| be "{{CookieSameSite/lax}}".
     </dl>
+1. Let |partitioned| be a boolean indicating that the user agent supports [cookie partitioning](https://github.com/WICG/CHIPS) and that that |cookie| has a partition key.
 1. Return «[
     "name" → |name|,
     "value" → |value|,
     "domain" → |domain|,
     "path" → |path|,
     "expires" → |expires|,
     "secure" → |secure|,
-    "sameSite" → |sameSite|
+    "sameSite" → |sameSite|,
+    "partitioned" → |partitioned|
     ]»
 
 Note: The |cookie|'s