What are the suggested heuristics for 3PC deprecation relief #172
Comments
Hi @mrvanes, for details please see the Intent to Prototype here: https://groups.google.com/a/chromium.org/g/blink-dev/c/Eeh2pE0DRaE/m/1BJyBlCUAAAJ which links to the explainer: https://github.com/amaliev/3pcd-exemption-heuristics/blob/main/explainer.md. Note that this is still being developed and we haven't yet committed to which specific heuristics will be shipped at what timeline. The preliminary target for implementation is Chrome M120, which is in Canary right now. You can follow along on the Chromestatus page: https://chromestatus.com/feature/5181771549507584
Ah, I misread this to ask about the timeline for shipping. While we intend to work with the other browsers to deprecate the heuristics, we don't have a clear target date yet, as that work depends on a variety of external ecosystem considerations such as site adoption of new technologies.
Thank you for the pointers. From Key Use Cases I presume that the heuristics will only mitigate breakage of embedded 3rd party cookies on site-A? Does that mean that 3PC for POST redirects from site-B to A using
Yes, that's correct. We've written about this in https://github.com/DCtheTall/standardizing-cross-site-cookie-semantics/blob/main/README.md#top-level-cross-site-post-requests (which we're working to turn into a more official WebAppSec WG Note). Top-level cross-site POST requests will continue to carry
Thx, final question, a bit out of scope: I couldn't find any references to the rumoured link-decoration deprecation write-ups which would break SAML as well, do you have any pointers to that work perhaps?
The only thing that comes to mind are the bounce tracking mitigations we published some time ago, see https://github.com/privacycg/nav-tracking-mitigations/blob/main/bounce-tracking-explainer.md for an explainer. Would be interesting to know if that's affecting any of your flows.
Thank you, the information was very helpful but I think I was looking for the linked information called Link decoration and Navigational tracking.
What are the exact suggested heuristics for 3PC deprecation relief and what is the timeline for deprecating this work-around?