Open pes10k opened 5 years ago
The latest version of ITP does the following:
Now ITP has aligned the remaining script-writable storage forms with the existing client-side cookie restriction, deleting all of a website’s script-writable storage after seven days of Safari use without user interaction on the site. These are the script-writable storage forms affected (excluding some legacy website data types):
- Indexed DB
- LocalStorage
- Media keys
- SessionStorage
- Service Worker registrations
Just adding (bc I couldn't tease it out from the blog post), Safari now does this for all sites, not just ITP-labeled domains.
Also, interesting implementation detail, 3p w/o storage access don't get a timer (e.g. seeing the same 3p on the same 1p doesn't reset the timer for the 3p's storage).
We currently set a max lifetime of 7 days for JS-set cookies. It would be good to add some similar lifetime-ing of other JS-set storage (i.e. localStorage, IndexedDB).
Might also make sense to key off of whether the JS is 1p or 3p (not the frame / context, but the JS code source).
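The expiry rule discussed in this issue, as an added sketch that is not part of the thread and is neither WebKit nor Brave code: it replays a constructed timeline and reports when each site's script-writable storage would be deleted. The event names, the `simulate` and `constructedTimeline` functions and the `.example` sites are hypothetical, and counting only days on which the browser was used is this sketch's reading of "seven days of Safari use".

```javascript
// Added model of the rule quoted above; not WebKit or Brave code.
// Assumption: only days on which the browser was actually used are counted.
const MAX_DAYS_WITHOUT_INTERACTION = 7; // the seven days from the quoted ITP text

function simulate(timeline) {
  const idle = new Map();         // site -> days of browser use without interaction
  const touchedToday = new Set(); // sites the user interacted with as first party today
  const purged = [];
  let day = 0;
  for (const ev of timeline) {
    switch (ev.type) {
      case "write":               // script writes localStorage, IndexedDB, ...
        if (!idle.has(ev.site)) idle.set(ev.site, 0);
        break;
      case "interaction":         // click, tap or key press on the site as first party
        touchedToday.add(ev.site);
        break;
      case "third-party-load":    // embedded without storage access: timer is NOT reset
        break;
      case "end-of-use-day":      // emitted only for days the browser was used
        day += 1;
        for (const [site, n] of idle) {
          if (touchedToday.has(site)) idle.set(site, 0);
          else if (n + 1 >= MAX_DAYS_WITHOUT_INTERACTION) {
            idle.delete(site);    // all script-writable storage for the site goes
            purged.push({ site, day });
          } else idle.set(site, n + 1);
        }
        touchedToday.clear();
        break;
      default:
        throw new Error(`unknown event type: ${ev.type}`);
    }
  }
  return purged;
}

// Constructed sample: news.example is visited on days 1 and 6;
// tracker.example is only ever loaded as a third party, every day.
function constructedTimeline(days) {
  const t = [{ type: "write", site: "news.example" }, { type: "write", site: "tracker.example" }];
  for (let d = 1; d <= days; d++) {
    if (d === 1 || d === 6) t.push({ type: "interaction", site: "news.example" });
    t.push({ type: "third-party-load", site: "tracker.example" });
    t.push({ type: "end-of-use-day" });
  }
  return t;
}

console.log(simulate(constructedTimeline(13)));
```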