[Webkit-unassigned] [Bug 273193] Safari Intelligent Tracking Prevention is breaking same-site cross-subdomain sync for Transcend Consent Manager

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 26 10:18:16 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=273193

Matthew Finkel <m_finkel at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #10 from Matthew Finkel <m_finkel at apple.com> ---
Hi Eli,

Thanks again for these details. I refreshed my memory on how we partition localStorage, and we do disable partitioning when Safari's "Prevent cross-site tracking" setting is disabled. This explains why the data is available within the same site.

I also tested this in Safari 16.4 and 16.1, and I do not see this syncing behavior working there, either.

As John mentioned, Safari/WebKit have partitioned by origin since 2013, so it is incorrect to say that Safari is exhibiting incorrect behavior; later Firefox and Chrome chose a different and more relaxed site boundary.

We're still investigating ways to help developers safely share data within the same site. Using postMessage may be one alternative in the meantime.

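If postMessage is used to pass consent state between subdomains of one site, as the comment suggests, the browser does not restrict who may send the message, so the receiver has to check `event.origin` and the payload itself. The following is an added example, not code from the bug report, WebKit or Transcend; the site `example.com`, the message shape, the purpose names and the `store` object are all assumptions.

```javascript
// Added example. Every value here is constructed for illustration.
const SITE = "example.com"; // assumed site, configured by hand (no Public Suffix List lookup)
const PURPOSES = new Set(["analytics", "advertising", "functional"]); // hypothetical purpose names

// True only for https origins whose host is SITE or a subdomain of it.
function isSameSiteOrigin(origin, site = SITE) {
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // the opaque origin "null" and malformed strings end up here
  }
  if (url.protocol !== "https:") return false;
  const host = url.hostname.toLowerCase();
  // The leading dot keeps "evilexample.com" from matching "example.com".
  return host === site || host.endsWith("." + site);
}

// Copy only the expected fields out of the payload; anything else is rejected.
function parseConsentMessage(data) {
  if (typeof data !== "object" || data === null) return null;
  if (data.type !== "consent-sync" || !Number.isSafeInteger(data.updatedAt)) return null;
  if (typeof data.purposes !== "object" || data.purposes === null) return null;
  const purposes = {};
  for (const [name, value] of Object.entries(data.purposes)) {
    if (!PURPOSES.has(name) || typeof value !== "boolean") return null;
    purposes[name] = value;
  }
  return { updatedAt: data.updatedAt, purposes };
}

// `store` is any object with get/set (a Map here; a localStorage wrapper in a page).
function handleMessage(event, store) {
  if (!isSameSiteOrigin(event.origin)) return "rejected-origin";
  const msg = parseConsentMessage(event.data);
  if (msg === null) return "rejected-shape";
  const current = store.get("consent");
  if (current && current.updatedAt >= msg.updatedAt) return "stale"; // keep the newer record
  store.set("consent", msg);
  return "stored";
}

// Browser wiring, left as a comment so the block also loads outside a page:
// window.addEventListener("message", (e) => handleMessage(e, consentStore));
```

The sending side should likewise pass the exact target origin as the second argument to `postMessage` rather than `"*"`.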