Open chrisn opened 2 years ago
In my opinion, restrictions on top-level cookies in redirect chains are inevitable, because they will be increasingly used to avoid the blocks (or Storage Access API prompts) on cross-origin embed storage. Safari already restricts them to some extent.
From: Chris Needham
Sent: 19 August 2022 11:20
To: WICG/first-party-sets
Cc: Subscribed
Subject: [WICG/first-party-sets] BBC use case in explainer (Issue #103)
I notice that sign-in across bbc.co.uk and bbc.com is mentioned as a use case in the explainer as being affected by blocking of cross-domain cookies. This isn't quite accurate, as it doesn't depend on the ability to set cross-domain cookies.
Previously, our user account settings page would update the user's cookies across both domains using redirects in an iframe embedded on bbc.com, but we have since changed this to do a top-level redirect in first party context.
The only slight concern we have today is whether any future navigation tracking prevention might cause our sign-in flow to stop working. This is a standard OpenID Connect flow, so it would help us to understand if that is anticipated.