Closed Alm0g closed 7 months ago
Mind taking a look @arichiv?
The deprecation trial token must be injected in a parent frame to the frame you wish to impact as (1) participation in trials is generally not cached and (2) this specific trial impacts the way a frame is loaded and already-loaded frames cannot enable it part way through the navigation.
It might be possible to use a structure like this:
Top frame (random domain) -> partitioned extension iframe (some domain, A, you own that injects a third-party DT token for B via a script from B and then loads an iframe for B) -> unpartitioned extension iframe (some other domain you own, B, that was the target of the 3P DT token and didn't start loading until after the token was injected via a script from B in the parent iframe for A)
Hi @arichiv , I have a similar use-case (with 1 change) and tried your approach. But I couldn't get my storage unpartitioned. Here is what I have:
On google.com (e.g.), I have an extn-iframe.html -> a.com (iframe) -> b.com (iframe, this loads at a later stage on user action). Ref to image below
Case 1: I added a 3rd party DT token for b.com
from a.com
with the help of a script from b.com
(I could see a valid token in dev tools). But this didn't make the storage unpartitioned.
Case2: I tried to add a first token for extn-iframe.html
and then did everything from Case1. This didn't work as well.
Am I missing something here?
Thanks.
I believe that should work, is the token injected by a.com by a script from b.com before the iframe for b.com loads?
@arichiv Yep, the token is injected on load of a.com by a script from b.com. b.com iframe loads only after a click of a button.
I tried the following to test it further.
Case 1: Load extionsion's trial.html in an iframe on google.com which loads a.com and b.com inside it.
Case2: Open extionsion's trial.html directly in chrome search.
Do we need to do something about the trial.html iframe (it is a web accessible resource file of my extension)?
Please note: a.com
and b.com
are subdomains and I am using a Third party: true
, Match subdomains: false
token. If this information is of any help.
It seems like it should work when I read the code. Would it be possible for you to share the extension? I can try to debug it locally. My email is arichiv@chromium.org
@arichiv Thanks for helping me out with this! I have shared the code with you over email. Please let me know if you face any issues.
This is happening because "the DisableThirdPartyStoragePartitioning deprecation trial does support the third-party origin trials feature, but the third-party script injecting the token must be evaluated in the top-level frame before the third-party iframe that won't have partitioning applied is loaded." https://developers.google.com/privacy-sandbox/blog/storage-partitioning-deprecation-trial
I'm looking into a patch for M123 that respects the token if injected at any frame below the one you wish to unpartition.
Going to close as resolved here.
We have a Chrome extension which it's
host_permissions
as follows:host_permissions: ["https://*/*", "http://*/*"]
.The Chrome extension embeds an iframe in any site the user wants to, by clicking the extension icon. So, it can be
google.com
,amazon.com
, etc'.The iframe's origin is
https://testchrome.paradox.ai
. We registered the trial with that domain:Token:
Ap+UkmI5QS3o9ErWiH6Rr9YOl1t/ndsiFboNREjAtTf5jKnbavVfg/ngf3WghYZ/qyQUhr0unRXy8LsEn2+OqgkAAABzeyJvcmlnaW4iOiJodHRwczovL3Rlc3RjaHJvbWUucGFyYWRveC5haTo0NDMiLCJmZWF0dXJlIjoiRGlzYWJsZVRoaXJkUGFydHlTdG9yYWdlUGFydGl0aW9uaW5nIiwiZXhwaXJ5IjoxNzI1NDA3OTk5fQ==
We set a basic test to check the
localStorage
API. The extension is open in two tabs, Tab A and Tab B. InTab A
I click a button that adds a key to the localStorage. InTab B
I click a button that reads the value of that key. I expected the value inTab B
to be the same as inTab A
, but it wasnull
instead: VideoBoth Storage and Communication APIs seem to be partitioned.
After reading through https://developer.chrome.com/docs/web-platform/third-party-origin-trials, I repeated this test with a 3P token as well, with no luck:
AzYJvAo0Dd4mD7g5T7Fgb0pgbPvf1j8Rh77JmNj+QQ6jK5CwzOkclYZ7HpPA3nkS2vbu4PoUxBimns5+w/kApgYAAACHeyJvcmlnaW4iOiJodHRwczovL3Rlc3RjaHJvbWUucGFyYWRveC5haTo0NDMiLCJmZWF0dXJlIjoiRGlzYWJsZVRoaXJkUGFydHlTdG9yYWdlUGFydGl0aW9uaW5nIiwiZXhwaXJ5IjoxNzI1NDA3OTk5LCJpc1RoaXJkUGFydHkiOnRydWV9
If I understand properly, this trial is only for top-level sites (first line):
My questions are:
Shared Access API
as well asShared Storage API
, but both are still not part of a major Chrome version. We expected to participate in the deprecation trial to gain more time to find alternatives...Thanks a ton! Almog