Storage Access Headers

[cfredric]

WebKittens

@annevk @johnwilander

Title of the proposal

Storage Access Headers

URL to the spec

https://privacycg.github.io/storage-access-headers/

URL to the spec's repository

https://github.com/privacycg/storage-access-headers

Issue Tracker URL

No response

Explainer URL

No response

TAG Design Review URL

w3ctag/design-reviews#982

Mozilla standards-positions issue URL

mozilla/standards-positions#1084

WebKit Bugzilla URL

No response

Radar URL

No response

Description

The Storage Access Headers proposal creates new HTTP request and response headers to enable authenticated embeds to access third-party cookies, even without an iframe, via existing storage-access permission grants.

[othermaciej]

The “spec” here is just a skeleton pointing to the explainer: https://github.com/privacycg/storage-access-headers

[johannhof]

Hi Maciej, thanks for taking a look! Yes, it's a placeholder. I think @cfredric has been hacking away on an initial spec in his personal fork of the repo that we'll try to merge some time this week.

[cfredric]

Yes indeed. I've been working on a draft spec in privacycg/storage-access-headers#20.

[RByers]

Note that that this spec is now adopted by the privacy CG and Chromium has just approved shipping it.

[annevk]

It seems that generally Storage Access Headers preserves the invariants colleagues and I care about and as such is a reasonable extension of the Storage Access feature.

Unfortunately it's hard to fully evaluate however as there's still a number of missing pieces to the standardization story of Storage Access itself. One thing I did spot is that worker integration appears to be completely missing: privacycg/storage-access-headers#26.

[johannhof]

Thanks Anne, that makes sense! I think we agree that there are some things we need to better figure out around Storage Access, particularly workers. I do expect that to come out of the collaboration we already have on both SAA and Cookie Layering :)