[Webkit-unassigned] [Bug 210598] New: Cannot disable Javascript access to cookies or local storage

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=210598

            Bug ID: 210598
           Summary: Cannot disable Javascript access to cookies or local
                    storage
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: iPhone / iPad
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit API
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rkgibson at google.com

Chrome on iOS wants to improve our settings around cookie blocking, especially around third party cookies. We would like to allow users to block cookies or third-party cookies on some or all domains so users have more control over their own privacy. 

Currently, the Content Blocker API allows us to do most of this, but it only affects requests. There is no API to block Javascript access to cookies and other local storage. Using just the Content Blocker rules to block cookies on foo.com would still allow Javascript on that page access. Similarly, blocking third-party cookies would still allow a third party iframe to access cookies via Javascript.

There are injectable Javascript solutions (e.g. 207545) that can disable access, but these are difficult to control (i.e. only block on specific urls or only block on iframes with certain top urls).

We could introduce these settings if we were given a way to disable access to cookies and local storage on a per-frame basis, depending on the url/origin of the frame and the top url.

Radar filed at 7665762

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200416/fd7c6f93/attachment.htm>