[Webkit-unassigned] [Bug 210598] New: Cannot disable Javascript access to cookies or local storage
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Apr 16 05:52:50 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=210598
Bug ID: 210598
Summary: Cannot disable Javascript access to cookies or local
storage
Product: WebKit
Version: WebKit Nightly Build
Hardware: iPhone / iPad
OS: All
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit API
Assignee: webkit-unassigned at lists.webkit.org
Reporter: rkgibson at google.com
Chrome on iOS wants to improve our settings around cookie blocking, especially around third party cookies. We would like to allow users to block cookies or third-party cookies on some or all domains so users have more control over their own privacy.
Currently, the Content Blocker API allows us to do most of this, but it only affects requests. There is no API to block Javascript access to cookies and other local storage. Using just the Content Blocker rules to block cookies on foo.com would still allow Javascript on that page access. Similarly, blocking third-party cookies would still allow a third party iframe to access cookies via Javascript.
There are injectable Javascript solutions (e.g. 207545) that can disable access, but these are difficult to control (i.e. only block on specific urls or only block on iframes with certain top urls).
We could introduce these settings if we were given a way to disable access to cookies and local storage on a per-frame basis, depending on the url/origin of the frame and the top url.
Radar filed at 7665762
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200416/fd7c6f93/attachment.htm>
More information about the webkit-unassigned
mailing list