privacycg / CHIPS

A proposal for a cookie attribute to partition cross-site cookies by top-level site

Cookies with the Partitioned attribute in non-partitioned contexts #38

Closed annevk closed 1 year ago

annevk commented 2 years ago

In the Privacy CG meeting yesterday it was made clear that the Partitioned attribute would also have some function in non-partitioned contexts. They might end up in their own store segment (although this might be temporary?), but at a minimum they would result in a successful cookie.

The explainer is not clear about this. A lot of the language in it suggests this is about "third-party" scenarios only. E.g.,

> In third-party contexts, the Partitioned cookies would be sent in the request header as follows:

Whereas reportedly the context here is irrelevant; Partitioned cookies would always be sent like that.

DCtheTall commented 2 years ago

Hey @annevk, there is actually a section in the explainer where we talk about using Partitioned in a first-party context as a less-strict form of SameSite protections. See this section of the explainer for a more detailed explanation of the use case (with graphics!)

annevk commented 2 years ago

That helps and is interesting, but what motivated me to file this issue was the scenario where you visit example.com and it has no children of any kind.

And also with an eye on the future where there will not be cross-site cookies.

DCtheTall commented 2 years ago

> That helps and is interesting, but what motivated me to file this issue was the scenario where you visit example.com and it has no children of any kind.

My thinking was given that this use case exists, we can allow partitioned cookies in first-party (i.e. non-partitioned) contexts in case the site has children with cross-site ancestors later on.

That being said, I am open to alternatives. Were you thinking that we would not allow cookies to be set with Partitioned if the partition key and cookie's URL are same-site?

annevk commented 2 years ago

Yeah, that's more how I expected it since it's a non-partitioned context.

I don't necessarily mind it working. However, #40 is relevant here because as currently defined it would allow a partitioned context to set cookies that get replayed in a non-partitioned context, which seems dubious and potentially problematic.

The main reason I filed this issue is because the explainer isn't clear about it. E.g., language such as "Third parties may opt-in to using CHIPS by setting their cross-site cookies with the Partitioned attribute." makes it sound like this is not applicable in non-partitioned contexts. The attribute name doesn't really help with that either.
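
An added illustration, not part of the thread or the CHIPS explainer: a toy model of a cookie store keyed by top-level site only, showing how a Partitioned cookie set by example.com in a nested A→B→A frame becomes readable when example.com is visited with no children. The function names, context objects and site strings are constructed assumptions, as is the reading that a same-site frame with a cross-site ancestor counts as a partitioned context.

```javascript
// Toy model, not browser code. Assumption: the partition key is the
// top-level site only, which is the reading discussed in the thread.
// Sites are passed as ready-made strings; no public-suffix parsing.
const partitionedStore = new Map(); // "partitionKey|cookieSite|name" -> value

// ctx = { top: top-level site, chain: sites of nested frames, outermost first }
function frameSite(ctx) {
  return ctx.chain.length ? ctx.chain[ctx.chain.length - 1] : ctx.top;
}

// Partitioned context: some frame in the chain is cross-site to the top level.
function isPartitionedContext(ctx) {
  return ctx.chain.some((site) => site !== ctx.top);
}

// Store a cookie carrying the Partitioned attribute. The context type is
// never consulted: only the top-level site goes into the key.
function setPartitioned(ctx, name, value) {
  partitionedStore.set(`${ctx.top}|${frameSite(ctx)}|${name}`, value);
}

// Value a request from this context would carry for `name`, or undefined.
function getPartitioned(ctx, name) {
  return partitionedStore.get(`${ctx.top}|${frameSite(ctx)}|${name}`);
}

// Constructed contexts.
const A = 'https://example.com';
const B = 'https://other.example';
const topLevelA = { top: A, chain: [] };   // example.com with no children
const aInBInA = { top: A, chain: [B, A] }; // A embeds B, which embeds A
const aUnderB = { top: B, chain: [A] };    // A embedded by top-level B

function demo() {
  partitionedStore.clear();
  setPartitioned(aInBInA, '__Host-id', 'from-nested');
  return {
    nestedIsPartitioned: isPartitionedContext(aInBInA),
    topIsPartitioned: isPartitionedContext(topLevelA),
    seenAtTopLevel: getPartitioned(topLevelA, '__Host-id'),
    seenUnderB: getPartitioned(aUnderB, '__Host-id'),
  };
}

console.log(demo());
```
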

krgovind commented 1 year ago

Anne, thanks for identifying this issue first.

I hope you don't mind, but I'm going to mark this as a Duplicate of #51, which was opened later but is referenced in some developer outreach materials, so I'd like to use that one as the canonical one.

krgovind commented 1 year ago

Duplicate of #51