On Sun, Sep 9, 2018 at 5:10 AM Mike O'Neill <ekimone...@gmail.com> wrote:
> This is great but I have a couple queries.
>
> > In our implementation, once Storage Access API grants storage access,
> > all existing third-party iframes on the same first party will receive that
> > storage access, whereas in WebKit’s implementation they each would require
> > calling requestStorageAccess() separately.
>
> Presumably this is restricted to iframes *of the same origin* on the same
> first party, i.e. if there are 2 iframes on different origins they would
> each still have to request storage access. Can you confirm this?

Yes, of course.

> > We don’t necessarily believe that a model where the user is asked whether
> > they consent to sharing their data with third-party trackers is ideal,
> > because explaining the implications of the data sharing is very hard, and
> > there are many problems associated with asking for permission from the
> > user. But we are looking at this API as a programmatic hook into the point
> > in time when a third-party context would like to obtain full storage access
> > rights, which would allow the browser to perform various forms of
> > security/privacy checks at that time. Prompting the user is only one of the
> > options we’ve thought about so far. Note that the API limits granting
> > access only to callers coming at times when processing a user gesture.
>
> The legal requirement in Europe is that storage can only be accessed if
> the user has unambiguously given their "freely given, specific & informed"
> consent. How will a European website top-level context (first-party) ensure
> that embedded third-parties will not be granted storage access without the
> user first being prompted?

In general, in order to comply with regulations such as GDPR, websites need to do a lot more than just look at the Storage Access API, so this is a very partial answer to your question.

The API provides the ability right now for the embedder to control the ability of the embedded third-party to request storage access using an iframe sandbox flag. In the future we may consider adding further controls in this regard, for example, allowing the top-level embedder to control whether the embedded content can call the API using feature policy. Please note that Firefox will grant storage access permissions automatically under certain circumstances for web compatibility reasons, so even when the iframe has never called this API it may still obtain storage access. In order to prevent that from happening, the usual approaches against embedded content gaining storage access (through sandboxing the iframe to give it a unique origin) could be used.

Cheers,
--
Ehsan
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
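The three embedder-side controls Ehsan describes (the sandbox flag that gates the request, the user-gesture requirement on the call, and sandboxing to a unique origin) side by side, as an added example that is not code from this thread or from Mozilla. It assumes the sandbox token `allow-storage-access-by-user-activation` and the `document.hasStorageAccess()` / `document.requestStorageAccess()` methods as shipped in Firefox and WebKit (the email only says "an iframe sandbox flag" without naming it); the hostnames `news.example` and `widget.example` are made up.

```html
<!-- embedder.html: the top-level page (hypothetical origin https://news.example) -->
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Embedder</title></head>
<body>
  <!-- Case 1: no allow-storage-access-by-user-activation token, so the
       widget's requestStorageAccess() promise is rejected even inside a user
       gesture. allow-same-origin keeps the widget's real origin, so the
       automatic web-compat grant Ehsan mentions can still apply to it. -->
  <iframe src="https://widget.example/widget.html"
          sandbox="allow-scripts allow-same-origin"></iframe>

  <!-- Case 2: the token is present, so the widget may ask for storage access,
       but only while handling a user gesture (a click on its own button). -->
  <iframe src="https://widget.example/widget.html"
          sandbox="allow-scripts allow-same-origin allow-storage-access-by-user-activation"></iframe>

  <!-- Case 3: no allow-same-origin, so the widget runs with an opaque (unique)
       origin and has no widget.example cookies or storage at all; this is the
       "sandbox the iframe to give it a unique origin" approach and also
       defeats the automatic grant. -->
  <iframe src="https://widget.example/widget.html"
          sandbox="allow-scripts"></iframe>
</body>
</html>

<!-- widget.html: the embedded third party (hypothetical origin https://widget.example) -->
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Widget</title></head>
<body>
  <button id="login">Sign in</button>
  <pre id="status"></pre>
  <script>
    const statusEl = document.getElementById('status');
    const log = (msg) => { statusEl.textContent += msg + '\n'; };

    async function reportAccess() {
      // hasStorageAccess() is the non-prompting check: true when this document
      // already holds (or was automatically granted) first-party storage access.
      const has = await document.hasStorageAccess();
      log('hasStorageAccess: ' + has);
      return has;
    }

    document.getElementById('login').addEventListener('click', async () => {
      if (await reportAccess()) {
        return; // nothing to request
      }
      try {
        // Must run while the click (user gesture) is being processed; it is
        // refused when the embedder's sandbox omits the token (case 1) or the
        // frame has an opaque origin (case 3).
        await document.requestStorageAccess();
        log('storage access granted');
        // Only from here on do document.cookie and storage refer to
        // widget.example's first-party data.
      } catch (e) {
        log('storage access denied: ' + e);
      }
    });

    // Initial state, reported without any gesture: this call never grants anything.
    reportAccess();
  </script>
</body>
</html>
```

Case 1 is the answer to Mike's question from the embedder's side: a first party that wants to be certain an embedded third party cannot obtain storage access through the API leaves the token out of the sandbox attribute, and if it also wants to rule out the automatic grant it drops `allow-same-origin` as in case 3.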