It is nice to see that we are moving towards an "Accept third party
cookies and data" setting instead of just "Allow third party cookies".
Will localstorage and sessionstorage also start honoring the users
blocking preferences soon?
On 8/18/15 8:20 AM, Michael Layzell wrote:
Summary: Currently, there are inconsistent rules about the
availability of persistent storage in third-party iframes across
different types of storage (such as caches, IndexedDB, localstorage,
sessionstorage, and cookies). We are looking to unify these behaviors
into a consistent set of rules for when persistent storage should be
available. We have modeled this after our cookie rules, and now use
the cookie behavior preference to control third party access to these
forms of persistent storage. This means that IndexedDB (which was
previously unconditionally disabled in 3rd-party iframes) is now
available in 3rd party iframes when the accept third-party cookies
preference is set to "Always". As our current definition of accepting
third-party cookies from "Only Visited" makes no sense for non-cookie
storage, we currently treat this preference for these forms of storage
as though the preference was "Never".
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1184973
Link to standard: N/A.
Platform coverage: All platforms.
Target release: Firefox 43.
Preference behind which this will be implemented: None, although the
preference
"network.cookie.cookieBehavior" will be used to guide the behavior of
storage in third-party iFrames.
DevTools bug: N/A.
Do other browser engines implement this: Based on my quick testing:
Chrome uses it's third party preference to control access to
localStorage and sessionStorage, but not IndexedDB or caches. Safari
appears to use it's preference to control IndexedDB, but not
sessionStorage or localStorage. IE appears to only use its 3rd party
preference for cookies. All other browsers allow IndexedDB in 3rd
party iframes with default settings.
Security & Privacy Concerns: This changes how websites can store data
on the user's machine.
Web designer / developer use-cases: Previously, we had made IndexedDB
unavailable in 3rd-party iframes. Web developers will now be able to
use IndexedDB in 3rd party iframes when the user has the accept
cookies preference set to always.
Michael
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
