[Webkit-unassigned] [Bug 189580] Intelligent Tracking Prevention 2 for Single sign-on
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Sep 27 06:35:28 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=189580
--- Comment #4 from John Wilander <wilander at apple.com> ---
(In reply to Ed from comment #3)
> Do I understand correctly that CORS requests with credentials (which seems
> to be a part of standard - https://www.w3.org/TR/cors/ ) from example.com to
> another-example.com will NEVER work?
If another-example.com is third-party and has been classified as having tracking abilities, then no, cookies will be blocked. To be able to call the Storage Access API, you need your own execution context, i.e. an iframe from another-example.com. If the user grants access, it opens up for that iframe.
However, the word never is too strong. We are working with Mozilla to get the Storage Access API standardized. As part of that, access rules may change. That’s in part why feedback like this bug is important.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180927/655999ab/attachment.html>
More information about the webkit-unassigned
mailing list