LGTM3 On Wednesday, February 19, 2025 at 11:29:50 AM UTC-5 Chris Harrelson wrote:
> LGTM2 > > On Wed, Feb 19, 2025 at 8:28 AM Alex Russell <slightly...@chromium.org> > wrote: > >> LGTM1; thanks for making sure to follow up on the spec PRs. >> >> On Thursday, February 13, 2025 at 6:44:27 AM UTC-8 joha...@google.com >> wrote: >> >>> > The spec PR for this is still marked as a draft, and as such hasn't >>> received significant editor review. Can you say more about what's blocking >>> it from being ready? >>> >>> As alluded to by Anne in the PR >>> <https://github.com/whatwg/html/pull/10915#issuecomment-2595870637>, >>> this is yet another feature dependent on cookie layering work to complete. >>> The good news is that there's significant progress on that front, with both >>> a new cookies spec draft >>> <https://github.com/johannhof/draft-annevk-johannhof-httpbis-cookies> >>> and HTML / Fetch <https://github.com/whatwg/fetch/pull/1807> PRs being >>> worked on by a group of contributors from Chromium, WebKit and Firefox. Our >>> hope is to have the majority of layering work completed this year, which is >>> great given the complexity of the work but IMO a bit too long to block >>> features like this one from progressing. >>> >>> I think I can speak for Anusha and Dylan when I say that we're ready to >>> bear the cost of potential changes for interop, also because we think that >>> is unlikely given our positive conversations with other browser vendors. >>> >>> On Thu, Feb 13, 2025 at 4:08 AM Rupert Wiser <bew...@chromium.org> >>> wrote: >>> >>>> Can you confirm this was tested in WebView specifically? WebView >>>> applies 3PC settings a little differently from other content embedders and >>>> I suspect you might need additional plumbing for the js cookies, >>>> >>>> On Thursday, February 13, 2025 at 4:52:16 AM UTC Domenic Denicola wrote: >>>> >>>>> The spec PR for this is still marked as a draft, and as such hasn't >>>>> received significant editor review. Can you say more about what's >>>>> blocking >>>>> it from being ready? >>>>> >>>>> On Thursday, February 13, 2025 at 2:04:55 AM UTC+9 anush...@google.com >>>>> wrote: >>>>> >>>>> >>>>> Hey, sorry about that just went ahead and started all of the relevant >>>>> ones! >>>>> On Wednesday, February 12, 2025 at 11:21:21 AM UTC-5 >>>>> vmp...@chromium.org wrote: >>>>> >>>>> Hey, >>>>> >>>>> Do you mind starting all of the relevant reviews for this as well? >>>>> [image: chipsna.png] >>>>> >>>>> Thanks, >>>>> Vlad >>>>> >>>>> On Wed, Feb 12, 2025 at 9:09 AM 'Anusha Muley' via blink-dev < >>>>> blin...@chromium.org> wrote: >>>>> >>>>> Contact emails >>>>> >>>>> anush...@chromium.org, dylan...@chromium.org >>>>> >>>>> >>>>> Explainer >>>>> >>>>> https://github.com/explainers-by-googlers/csp-sandbox-allow- >>>>> same-site-none-cookies >>>>> >>>>> Specification >>>>> >>>>> HTML Spec https://github.com/whatwg/html/pull/10915 >>>>> >>>>> Summary >>>>> >>>>> Enable a frame to signal the browser to include SameSite=None cookies >>>>> in first-party requests from sandboxed frames when third-party cookie >>>>> (3PC) >>>>> restrictions are active using the allow-same-site-none-cookies value. >>>>> >>>>> Blink component >>>>> >>>>> Chromium > Blink > SecurityFeature > ContentSecurityPolicy >>>>> Search tags >>>>> >>>>> allow-same-site-none-cookies >>>>> >>>>> TAG review >>>>> >>>>> https://github.com/w3ctag/design-reviews/issues/1004 >>>>> TAG review status >>>>> >>>>> Early Design Review Satisfied >>>>> >>>>> Chromium Trial Name >>>>> >>>>> N/A- No OT >>>>> >>>>> Origin Trial documentation link >>>>> >>>>> N/A- No OT >>>>> >>>>> Risks >>>>> >>>>> Interoperability and Compatibility >>>>> >>>>> Gecko: Positive >>>>> <https://github.com/mozilla/standards-positions/issues/1165> >>>>> >>>>> WebKit: No signal >>>>> <https://github.com/WebKit/standards-positions/issues/450> (we >>>>> discussed this with them and got tentatively positive feedback) >>>>> >>>>> Web developers: Positive (see public feedback >>>>> <https://issues.chromium.org/issues/41486025#comment15>, we also >>>>> received a private signal of developer demand) >>>>> >>>>> Other signals: >>>>> >>>>> WebView application risks >>>>> >>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>> that it has potentially high risk for Android WebView-based applications? >>>>> >>>>> No >>>>> >>>>> >>>>> Debuggability >>>>> >>>>> Feature use visible in the experimental Chrome DevTools Protocol >>>>> Monitor >>>>> <https://developer.chrome.com/blog/new-in-devtools-92/#protocol-monitor>, >>>>> Cookies (and the reasons why they are included/excluded) are generally >>>>> debuggable via the Network panel. >>>>> >>>>> >>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>> Mac, Linux, ChromeOS, Android, and Android WebView)? >>>>> >>>>> Yes >>>>> >>>>> >>>>> Is this feature fully tested by web-platform-tests >>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>> ? >>>>> >>>>> Yes, https://wpt.fyi/results/cookies/samesite/sandbox- >>>>> allow-same-site-none-cookies-value.tentative.https.html >>>>> >>>>> Flag name on chrome://flags >>>>> >>>>> N/A >>>>> >>>>> Finch feature name >>>>> >>>>> “AllowSameSiteNoneCookiesInSandbox” >>>>> >>>>> Requires code in //chrome? >>>>> >>>>> False >>>>> >>>>> Tracking bug >>>>> >>>>> https://g-issues.chromium.org/u/0/issues/372894175 >>>>> >>>>> Measurement >>>>> >>>>> UMA histogram value to measure the usage of the new >>>>> ThirdPartyCookieAllowMechanism >>>>> >>>>> UKM log usage and aggregate by urls that are using the value >>>>> >>>>> Sample links >>>>> >>>>> https://sandbox-allow-same-site-none-cookies-demo.glitch.me/ >>>>> >>>>> Estimated milestones >>>>> >>>>> 135 >>>>> >>>>> Anticipated spec changes >>>>> >>>>> None >>>>> >>>>> Link to entry on the Chrome Platform Status >>>>> >>>>> https://chromestatus.com/feature/5090336588955648 >>>>> >>>>> *Links to previous Intent discussions *Intent to Prototype: Allow >>>>> SameSite=None Cookies in First-Party Sandboxed Contexts >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/f89dec9c-ba10-4c4a-b208-7804ab5d32d7n%40chromium.org> >>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to blink-dev+...@chromium.org. >>>>> >>>>> >>>>> To view this discussion visit https://groups.google.com/a/ >>>>> chromium.org/d/msgid/blink-dev/d0ddbd19-fd21-483f-8a10- >>>>> 6c1e8f1b5177n%40chromium.org >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d0ddbd19-fd21-483f-8a10-6c1e8f1b5177n%40chromium.org?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> > To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/ae298e38-ee2a-48f0-a6be-f95c3fdbddf3n%40chromium.org >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/ae298e38-ee2a-48f0-a6be-f95c3fdbddf3n%40chromium.org?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/81dd5070-6a18-45f3-bb40-ba5a624f93fen%40chromium.org.
