[Webkit-unassigned] [Bug 225297] New: ITP: Storage on subdomains of the same eTLD+1 is incorrectly partitioned
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon May 3 03:33:00 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=225297
Bug ID: 225297
Summary: ITP: Storage on subdomains of the same eTLD+1 is
incorrectly partitioned
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: DOM
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mmso at protonmail.com
Created attachment 427549
--> https://bugs.webkit.org/attachment.cgi?id=427549&action=review
Reproduction files
According to https://webkit.org/tracking-prevention/ storage partitions are isolated to the same registerable domain / eTLD+1.
An example is given where
> sub.news.example is considered first-party when loaded under news.example because they are considered to be the same site.
However, this is currently not working and storage for a.news.example gets a unique partition when embedded under news.example. This applies to LocalStorage, SessionStorage and IndexedDB. For cookies it seems to be working as intended (the embedded iframe's cookies are not partitioned off).
I am attaching two .html files on how to reproduce. They are also deployed on https://account.mmso/ and https://app.mmso.se/
This is working on Chrome and Firefox.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210503/86d916c9/attachment.htm>
More information about the webkit-unassigned
mailing list