wanderview / quota-storage-partitioning

9 stars 6 forks source link

legit communication of application that span into multiple domains #9

Open jcubic opened 1 year ago

jcubic commented 1 year ago

Is there any way to make the cross-domain communication work with this feature on? Sometimes it's legit for the application to share data (send messages between different domains) it's not only a cause of vulnerabilities and privacy violations.

I have a library sysend.js that is a way to send messages between domains. The library is already broken in Safari, because of 3rd party cookie policy that blocks everything without any exceptions.

Is there any way to make at least BroadcastChannel allow to share information Cross-domain?

As stated there are legit use cases where this new API breaks the apps created on different domains.

See the issue here: https://github.com/jcubic/sysend.js/issues/54

wanderview commented 1 year ago

We are working on unpartitioning storage and communication channels using requestStorageAccess:

https://groups.google.com/a/chromium.org/g/blink-dev/c/Mfkj1VqsKX0/m/iLk6xrdMAAAJ

In the meantime you can use the deprecation trial (at least in chrome):

https://developer.chrome.com/blog/storage-partitioning-deprecation-trial/

jcubic commented 1 year ago

It's good news that there will be a way to request Cross-origin access.

Is this something that will be part of some kind of spec? So other browsers like Safari can implement it. I think it will be more likely that they will add something like this if it's part of some kind of spec.

wanderview commented 1 year ago

Yes. See cross-browser discussion in here:

https://github.com/privacycg/storage-access/issues/102

arichiv commented 1 year ago

An update on the Origin Trial for some storage/communication mechanisms is here: https://developer.chrome.com/blog/saa-non-cookie-storage/

BroadcastChannel is available in the same Origin Trial with the Chrome 121 beta that should be promoted later this week https://chromiumdash.appspot.com/schedule.