[Webkit-unassigned] [Bug 213502] [GTK][WPE] Change the cookies accept policy when ITP is enabled
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jul 3 08:06:41 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=213502
--- Comment #19 from Michael Catanzaro <mcatanzaro at gnome.org> ---
(In reply to Carlos Garcia Campos from comment #18)
> It doesn't matter, the storageAccess tests I mentioned would still fail,
> because no-third-party is the default, so setting the cookie after granted
> by storage access is rejected by the cookies jar. That's exactly what this
> bug is about.
Er, OK, but then if Apple is also using no-third-party by default... then the tests should be failing for it too... but they're not?
> Or maybe I don't understand the different ThirdPartyCookieBlockingMode, but
> I'm pretty sure we want to use All unconditionally, otherwise we would be
> less restrictive than before.
Right, we definitely want to use All unconditionally in our API. But when running tests, we want to use whatever Apple uses when running tests.
I think OnlyAccordingToPerDomainPolicy means block third-party cookies for *prevalent* domains (domains classified as trackers). I don't think it means "just follow the cookie accept policy." I guess that mode will probably be removed eventually since Google figured out it could be used as a supercookie by manipulating WebKit into classifying certain domains as trackers, similar to HSTS abuse.
I'm not sure if AllOnSitesWithoutUserInteraction was ever shipped by Safari, but it's obsoleted by All.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200703/a18fb747/attachment.htm>
More information about the webkit-unassigned
mailing list