Hey, The first item looks like a good starting point. We can discuss possible solutions when we know how much usage there is.
For visibility, can you please file a chromestatus entry for this intent? Thanks, Vlad On Wed, Jun 5, 2024 at 10:36 AM 'Dylan Cutler' via blink-dev < blink-dev@chromium.org> wrote: > Hey Vlad, > > Thanks for your response and interest in the intent. I can see two paths > going forward. > > > 1. We query UMA to determine just what percentage of WebView apps > embed content using CHIPS (and in how many partitions). We can also use > these metrics to identify the top apps who embed users of CHIPS and make > sure this change would not lead to disruptions. If that proves to be enough > so that you are no longer concerned about breakage then we could move > forward. Otherwise, we move on to approach (2). > 2. We refactor our code so that if CHIPS is disabled in WebView, > rather than deleting partitioned cookies we could convert them to > unpartitioned. If the user has an unpartitioned cookie with the same > name/domain/path, then we would delete the partitioned cookie in favor of > the unpartitioned one. If multiple cookies exist in different partitions > and no such unpartitioned cookie exists, we would fall back on the most > recently used cookie. It is worth noting, this technique is complex and > could have its own risks, so we'd like to leave it as a last resort. > > Let me know what you think, and if this sounds acceptable, I can get that > data from UMA to start to inform if we want to pursue the algorithm in (2). > > Thanks, > Dylan > > On Fri, May 31, 2024 at 5:11 AM Vladimir Levin <vmp...@chromium.org> > wrote: > >> On Wed, May 29, 2024 at 5:02 PM 'Dylan Cutler' via blink-dev < >> blink-dev@chromium.org> wrote: >> >>> Hello Blink API Owners, >>> >>> >>> We’re seeking approval to unship and relaunch CHIPS (a.k.a. partitioned >>> cookies) in Android WebView only. >>> >>> Rationale >>> >>> The WebViewClient supports a method, shouldInterceptRequest >>> <https://developer.android.com/reference/android/webkit/WebViewClient#shouldInterceptRequest(android.webkit.WebView,%20android.webkit.WebResourceRequest)>, >>> which allows developers to intercept network activity and modify HTTP >>> headers, etc. This API does not have access to the Cookie header and relies >>> on the Android CookieManager API >>> <https://developer.android.com/reference/android/webkit/CookieManager> >>> in order to query what cookies are available for a particular request URL. >>> This is because the request is intercepted before it is sent to the >>> network service >>> <https://source.chromium.org/chromium/chromium/src/+/main:android_webview/browser/aw_contents_io_thread_client.cc;l=316;drc=59ac8227c5dd59754331b3f7f9f85e1a947f1242>, >>> where the Cookie header is added. However, partitioned cookies are >>> double-keyed on the top-level site and the site of the URL using the >>> cookies. >>> >>> Currently, the CookieManager API provides no way for developers to query >>> partitioned cookies correctly, and this will cause a mismatch between what >>> the Java API returns and what frames in WebView will actually be in their >>> Cookie header. In hindsight, this seems risky and prone to bugs, and not >>> something the CHIPS team had considered while designing the API. >>> >>> After discussing this with the WebView team, we believe that the option >>> that will minimize potential app breakage is to disable CHIPS on WebView >>> until we are able to ship support for the Cookie header to >>> shouldInterceptRequest. We will release the changes to >>> shouldInterceptRequest in the next target SDK version (API level 36). >>> >>> We will reconsider our decision to unlaunch CHIPS in WebView if we get >>> feedback from the community that this would cause significant disruption. >>> >>> Behavior after deprecation: >>> >>> Cookies set with the Partitioned attribute on WebView will have the >>> attribute ignored, and the cookie will be treated as unpartitioned. Any >>> existing partitioned cookies created in WebView will be deleted to avoid >>> conflicts across different partitions and the unpartitioned cookie jar. >>> >> >> This sounds like a pretty noticeable breakage. Are there any estimates on >> how many apps/users/developers would be impacted by this change? >> >> Also, as a point of process, I think this may require an intent to >> deprecate and remove in the chromestatus, although because this is only for >> WebView, I'm not entirely sure if there's a precedent. >> >> Thanks! >> Vlad >> >> >>> >>> All other platforms besides WebView will still have the Partitioned >>> attribute enabled. >>> >>> Timeline: >>> >>> We plan to turn down CHIPS on WebView in M127. >>> >>> We will relaunch CHIPS along with Android W, which will include changes >>> to the Android CookieManager API, in 2025. >>> >>> >>> Thanks, >>> >>> Dylan Cutler >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMCNMFQOPkYjRxrs68q%2BHxebt-JWCopZ6Rq9r0O80dQF8PWwRg%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMCNMFQOPkYjRxrs68q%2BHxebt-JWCopZ6Rq9r0O80dQF8PWwRg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMCNMFQ0N4hu_TF%2BBVC4MgRJgYoqmodqP%3Dg7L1dmE_GYqb1v3w%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMCNMFQ0N4hu_TF%2BBVC4MgRJgYoqmodqP%3Dg7L1dmE_GYqb1v3w%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2NDhN0%3DMQRtCVi8Xs5GjaUjFNX1p_ZWrOe39dR8H3VE7w%40mail.gmail.com.
