mozilla / standards-positions

https://mozilla.github.io/standards-positions/
Mozilla Public License 2.0

Standardizing Security Semantics for Cross-Site Cookies #806

Open DCtheTall opened 1 year ago

DCtheTall commented 1 year ago

Request for Mozilla Position on an Emerging Web Specification

Other information

This document proposes to standardize the security semantics of cross-site cookies when third-party cookie blocking is enabled. The main points we would like to make standard behavior are:

Since this behavior causes third-party cookie blocking to be stricter in Gecko than the current state (particularly for ABA embeds), we can work with you to minimize the compat impact.

dveditz commented 1 year ago

A bit of a nitpick, but what "standard" are we supposed to have a position on? There's a link to an explainer, but this looks very "pre-standard" and I'm not sure our standards position process is intended for discussions that are in that stage.

zcorpan commented 1 year ago

> I'm not sure our standards position process is intended for discussions that are in that stage.

I've filed https://github.com/mozilla/standards-positions/issues/808

johannhof commented 1 year ago

Hey Dan, that's a fair point. We're aiming to pick this up as a WG Note for WebAppSec and would appreciate your early input to the explainer, but I understand if this issue is not actionable for deriving a position on at the moment. We'll get back to you when there's been some progress.