> The spec PR for this is still marked as a draft, and as such hasn't received significant editor review. Can you say more about what's blocking it from being ready?
As alluded to by Anne in the PR <https://github.com/whatwg/html/pull/10915#issuecomment-2595870637>, this is yet another feature dependent on cookie layering work to complete. The good news is that there's significant progress on that front, with both a new cookies spec draft <https://github.com/johannhof/draft-annevk-johannhof-httpbis-cookies> and HTML / Fetch <https://github.com/whatwg/fetch/pull/1807> PRs being worked on by a group of contributors from Chromium, WebKit and Firefox. Our hope is to have the majority of layering work completed this year, which is great given the complexity of the work but IMO a bit too long to block features like this one from progressing. I think I can speak for Anusha and Dylan when I say that we're ready to bear the cost of potential changes for interop, also because we think that is unlikely given our positive conversations with other browser vendors. On Thu, Feb 13, 2025 at 4:08 AM Rupert Wiser <bew...@chromium.org> wrote: > Can you confirm this was tested in WebView specifically? WebView applies > 3PC settings a little differently from other content embedders and I > suspect you might need additional plumbing for the js cookies, > > On Thursday, February 13, 2025 at 4:52:16 AM UTC Domenic Denicola wrote: > >> The spec PR for this is still marked as a draft, and as such hasn't >> received significant editor review. Can you say more about what's blocking >> it from being ready? >> >> On Thursday, February 13, 2025 at 2:04:55 AM UTC+9 anush...@google.com >> wrote: >> >> >> Hey, sorry about that just went ahead and started all of the relevant >> ones! >> On Wednesday, February 12, 2025 at 11:21:21 AM UTC-5 vmp...@chromium.org >> wrote: >> >> Hey, >> >> Do you mind starting all of the relevant reviews for this as well? >> [image: chipsna.png] >> >> Thanks, >> Vlad >> >> On Wed, Feb 12, 2025 at 9:09 AM 'Anusha Muley' via blink-dev < >> blin...@chromium.org> wrote: >> >> Contact emails >> >> anush...@chromium.org, dylan...@chromium.org >> >> >> Explainer >> >> https://github.com/explainers-by-googlers/csp-sandbox-allow- >> same-site-none-cookies >> >> Specification >> >> HTML Spec https://github.com/whatwg/html/pull/10915 >> >> Summary >> >> Enable a frame to signal the browser to include SameSite=None cookies in >> first-party requests from sandboxed frames when third-party cookie (3PC) >> restrictions are active using the allow-same-site-none-cookies value. >> >> Blink component >> >> Chromium > Blink > SecurityFeature > ContentSecurityPolicy >> Search tags >> >> allow-same-site-none-cookies >> >> TAG review >> >> https://github.com/w3ctag/design-reviews/issues/1004 >> TAG review status >> >> Early Design Review Satisfied >> >> Chromium Trial Name >> >> N/A- No OT >> >> Origin Trial documentation link >> >> N/A- No OT >> >> Risks >> >> Interoperability and Compatibility >> >> Gecko: Positive >> <https://github.com/mozilla/standards-positions/issues/1165> >> >> WebKit: No signal >> <https://github.com/WebKit/standards-positions/issues/450> (we discussed >> this with them and got tentatively positive feedback) >> >> Web developers: Positive (see public feedback >> <https://issues.chromium.org/issues/41486025#comment15>, we also >> received a private signal of developer demand) >> >> Other signals: >> >> WebView application risks >> >> Does this intent deprecate or change behavior of existing APIs, such that >> it has potentially high risk for Android WebView-based applications? >> >> No >> >> >> Debuggability >> >> Feature use visible in the experimental Chrome DevTools Protocol Monitor >> <https://developer.chrome.com/blog/new-in-devtools-92/#protocol-monitor>, >> Cookies (and the reasons why they are included/excluded) are generally >> debuggable via the Network panel. >> >> >> Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, ChromeOS, Android, and Android WebView)? >> >> Yes >> >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >> ? >> >> Yes, https://wpt.fyi/results/cookies/samesite/sandbox- >> allow-same-site-none-cookies-value.tentative.https.html >> >> Flag name on chrome://flags >> >> N/A >> >> Finch feature name >> >> “AllowSameSiteNoneCookiesInSandbox” >> >> Requires code in //chrome? >> >> False >> >> Tracking bug >> >> https://g-issues.chromium.org/u/0/issues/372894175 >> >> Measurement >> >> UMA histogram value to measure the usage of the new >> ThirdPartyCookieAllowMechanism >> >> UKM log usage and aggregate by urls that are using the value >> >> Sample links >> >> https://sandbox-allow-same-site-none-cookies-demo.glitch.me/ >> >> Estimated milestones >> >> 135 >> >> Anticipated spec changes >> >> None >> >> Link to entry on the Chrome Platform Status >> >> https://chromestatus.com/feature/5090336588955648 >> >> *Links to previous Intent discussions *Intent to Prototype: Allow >> SameSite=None Cookies in First-Party Sandboxed Contexts >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/f89dec9c-ba10-4c4a-b208-7804ab5d32d7n%40chromium.org> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+...@chromium.org. >> >> >> To view this discussion visit https://groups.google.com/a/ >> chromium.org/d/msgid/blink-dev/d0ddbd19-fd21-483f-8a10- >> 6c1e8f1b5177n%40chromium.org >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d0ddbd19-fd21-483f-8a10-6c1e8f1b5177n%40chromium.org?utm_medium=email&utm_source=footer> >> . >> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAD_OO4h5BVHWgMV%2BJ7FwdR%3DVRxRK6Gy5mAta-tG2usf53zBCyg%40mail.gmail.com.
