Remove no-Domain requirement #46
Conversation
|
@bvandersloot-mozilla FYI if you'd like to review this change on Mozilla's behalf, I am unable to add you as a reviewer in the GH tool. |
| @@ -45,7 +44,7 @@ For more information about the design of the Origin-Trial, see the [documentatio | |||
| - [Third-party customer support widgets](#third-party-customer-support-widgets) | |||
| - [CDN load balancing](#cdn-load-balancing) | |||
| - [How to enforce design principles](#how-to-enforce-design-principles) | |||
| - [Partitioned cookies must use the `__Host-` prefix](#partitioned-cookies-must-use-the-__host--prefix) | |||
| - [`Secure` and `Path` attributes](#secure-and-path-attributes) | |||
There was a problem hiding this comment.
Does forcing Secure and Path also cause breakage? I'm fine with them being required if not. I really don't expect Secure to, but am less certain on Path.
There was a problem hiding this comment.
We have not gotten any feedback from partners about breakage due to the Secure requirement, so I am inclined to keep it.
As for Path, the Path=/ requirement is really an artifact of requiring the __Host- prefix. I opened #47 to open a discussion about requiring that CHIPS not be bound to any particular URL path.
There was a problem hiding this comment.
FYI, with the SameSite-by-default cookies change (which has been rolled out to Chrome, and I believe is likely to be rolled out on Firefox soon as well), all cross-site cookies already require the Secure attribute. Given that, it is unlikely that the CHIPS requirement will cause breakage.
After discussing #43 in the call today, we decided that the no-Domain requirement will be removed from CHIPS to help ease the adoption of partitioned cookies and the removal of unpartitioned third-party cookies.