Contact emails
sled...@chromium.org

Explainer
https://github.com/explainers-by-googlers/frame-ancestor-headers

Specification
None

Summary
Frame Ancestor Headers would expose information about the relationship between a request's ancestor frames and that request's target by adding two new HTTP request headers, `Sec-Fetch-Frame-Top` and `Sec-Fetch-Frame-Ancestors`. This should support developers' understanding of the circumstances in which they may have access to unpartitioned cookies, and the ways in which their resources may be partitioned.

Blink component
Blink>SecurityFeature>FetchMetadata <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3ESecurityFeature%3EFetchMetadata%22>

Motivation
Currently, there is no signal on the web platform that comprehensively indicates the relationship between a request's destination and its ancestor frames. This information is important for sites to understand how cookies may be partitioned on a request and why a request may be autogranted storage access permissions. This feature offers two new headers as signals, `Sec-Fetch-Frame-Top` and `Sec-Fetch-Frame-Ancestors`, whose values will indicate whether a request's destination is `same-origin`, `same-site`, or `cross-site` to its top frame and all of its ancestor frames respectively.

Initial public proposal
https://github.com/w3c/webappsec-fetch-metadata/issues/56

TAG review
None

TAG review status
Pending

Risks

Interoperability and Compatibility
None

While we have not filed formal browser positions yet, a constructive discussion with both Mozilla and Apple is happening at https://github.com/w3c/webappsec-fetch-metadata/pull/89.

*Gecko*: No signal
*WebKit*: No signal
*Web developers*: No signals
*Other signals*:

WebView application risks
None

Debuggability
None

Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
No

Flag name on about://flags
None

Finch feature name
None

Non-finch justification
None

Requires code in //chrome?
False

Tracking bug
https://g-issues.chromium.org/issues/398224102

Launch bug
https://launch.corp.google.com/launch/4347302

Estimated milestones
No milestones specified

Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5070061747044352?gate=5172594226233344

This intent message was generated by Chrome Platform Status <https://chromestatus.com/>.
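
The Motivation section above describes two request headers that each carry one of three values. The following is an added example, not part of the intent message or of Chromium: a server-side classifier for those values. The context labels, the handling of clients that send no headers, and the consistency check between the two headers are assumptions made for illustration.

```javascript
// Added example. Header names and the three values come from the intent
// message; the context labels and fallback choices are assumptions.
const RANK = new Map([['same-origin', 0], ['same-site', 1], ['cross-site', 2]]);

// Returns one of the three tokens, 'absent', or 'invalid'.
function readRelation(headers, name) {
  const raw = headers[name];
  if (raw === undefined) return 'absent'; // client does not send the header
  // A repeated header shows up as an array or a ', '-joined string,
  // depending on the server framework; neither is a single valid token.
  if (Array.isArray(raw)) return 'invalid';
  const value = String(raw).trim();
  return RANK.has(value) ? value : 'invalid';
}

// Classifies the embedding context of one request from its header map
// (keys lower-cased, as Node's http module provides them).
function classifyEmbedding(headers) {
  const top = readRelation(headers, 'sec-fetch-frame-top');
  const ancestors = readRelation(headers, 'sec-fetch-frame-ancestors');
  if (top === 'invalid' || ancestors === 'invalid') return 'malformed';
  // Missing signal: fall back to whatever defences the site already uses.
  if (top === 'absent' || ancestors === 'absent') return 'no-signal';
  // Assumption: the top frame is one of the ancestors, so the ancestors
  // value can never be "closer" than the top value.
  if (RANK.get(ancestors) < RANK.get(top)) return 'malformed';
  if (top === 'cross-site') return 'cross-site-top';
  // Top frame is same-origin or same-site, but a frame in between is not.
  if (ancestors === 'cross-site') return 'cross-site-intermediate';
  return ancestors === 'same-origin' ? 'same-origin-chain' : 'same-site-chain';
}

// Constructed sample requests (not captured traffic).
const samples = [
  { 'sec-fetch-frame-top': 'same-origin', 'sec-fetch-frame-ancestors': 'same-origin' },
  { 'sec-fetch-frame-top': 'same-origin', 'sec-fetch-frame-ancestors': 'cross-site' },
  { 'sec-fetch-frame-top': 'cross-site', 'sec-fetch-frame-ancestors': 'cross-site' },
  { 'sec-fetch-frame-top': 'cross-site', 'sec-fetch-frame-ancestors': 'same-origin' },
  { 'user-agent': 'curl/8.0' },
];
for (const h of samples) console.log(classifyEmbedding(h), JSON.stringify(h));
```

Treating `no-signal` and `malformed` as distinct outcomes lets a site keep serving clients that do not send the headers while still logging requests whose values contradict each other.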