navigator.cookieEnabled in third-party contexts #10256
Comments
When we discussed privacycg/storage-access#171 I think I assumed 5. It seems a bit weird if
I think there's still a question of whether
If we choose the first bullet, every modern browser would return true unconditionally, IIUC. Is an API that always returns true especially useful? I'm not sure that that's the best option here. (It may be that that's the only viable option based on existing usage, though. It's plausible that this API is a relic from another time, and has lost its utility but has enough usage that it must still exist.)
I guess the specification doesn't explicitly mention end user preferences, but that's what I would expect to be taken into account. In particular because of "and false if it ignores cookie change requests" (which is true if the end user has disabled cookies for that website or in general).
I think I'm in camp "Build a better alternative that reflects the complexity of the situation and then fully deprecate and remove navigator.cookieEnabled". A lot of the discussions and misunderstandings we're having here are due to the overly simplistic nature of a single boolean for expressing cookie blocking / partitioning rules. I like where Ari's "Cookie (Storage?) Capabilities API" idea is going, though I think it should include an HTTP request header variant to also solve the problem outlined in privacycg/storage-partitioning#32
Just to be sure @annevk, you're speaking as a spec editor here right? If so, is there a position that WebKit has you could share? I'm asking as WebKit, to my understanding, returns true in third-party contexts where no cookies could be set (at least prior to some call to requestStorageAccess). I'm not trying to argue WebKit is uniquely inconsistent for doing this, there are edge cases in Chrome where true is returned despite cookies not being settable, just trying to see if there is some common ground vendors could implement after a spec change or if this API will remain an 'agree to disagree' area.
Ditto. Given that this hangs on navigator, I would expect this has to do with the cookie settings for a given UA, not with the context being used. So I would expect it to be true unless a user-preference to disable cookies has been set. If I follow, that is what Safari does, and is a reasonable interpretation of the spec.
It seems we all basically agree on what the spec currently says, but given Safari seems to align while Chrome and Firefox differ, do any of us feel the spec should say something else? Put another way, @bvandersloot-mozilla do you think cookieEnabled should return true in Firefox in 3p contexts where unpartitioned cookie access is blocked (yet the browser/origin-level cookie setting is enabled)? Or should the spec change? |
Not sure what you mean by "(yet the browser/origin-level cookie setting is enabled)" but I agree with " cookieEnabled should return true in Firefox in 3p contexts where unpartitioned cookie access is blocked" generally. |
I have metrics in chrome M125 to measure usage of cookieEnabled in third-party contexts. Once I have some data from that I'll write up a proposal to align Chrome with the spec as it currently exists instead of proposing a change to the spec. The timeline for that might be quite long depending on usage. |
Chromium change:

    commit 2c885728f29b653f404e6a42da86b19e055def72
    Author: Ari Chivukula <[email protected]>
    Date:   Mon May 6 20:03:59 2024 +0000

        [CookieEnabled] Align with spec

        navigator.cookieEnabled currently indicates if “the user agent attempts to handle cookies” in a given context. A change in Chrome, shipping as part of third-party cookie deprecation (3PCD), would cause it to indicate whether unpartitioned cookie access is possible (causing it to return false in most cross-site iframes). We should restore the prior behavior of navigator.cookieEnabled which indicated only if cookies were enabled/disabled for the site and rely on the cross-vendor function document.hasStorageAccess to indicate if unpartitioned cookie access is possible.

        whatwg/html#10256
        https://chromestatus.com/feature/6227655153418240
        https://groups.google.com/a/chromium.org/g/blink-dev/c/xU3gTW4aTfg

        Bug: 335553590
        Change-Id: I6cc1f2a9caea6220b6f85240ae9875a65a91d179
        Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5464207
        Commit-Queue: Daniel Cheng <[email protected]>
        Auto-Submit: Ari Chivukula <[email protected]>
        Reviewed-by: Jonathan Njeunje <[email protected]>
        Reviewed-by: Daniel Cheng <[email protected]>
        Cr-Commit-Position: refs/heads/main@{#1297071}
The attribute navigator.cookieEnabled is “true if the user agent attempts to handle cookies according to HTTP State Management Mechanism” according to the spec, and in first-party contexts this holds true cross-browser (though sometimes ‘true’ is returned even where trying to use document.cookie would throw an exception). More than 40% of sites loaded in Chrome use this API in some context.
In third-party contexts the functionality diverges. Safari returns true if the browser has cookies enabled, even though Safari has blocked cookies in third-party contexts since 2020. In Firefox and Chromium-based browsers the attribute is false in third-party contexts if unpartitioned cookie access is blocked.
What should we do about this divergence? There are a few potential paths:
- `undefined`, but that the meaning is undefined) and/or deprecated.
- `false` in third-party contexts.
- `true` in third-party contexts.
- `true` is returned if and only if access to unpartitioned cookies is possible.

Regardless of which path is taken, we should push developers to consider using `document.hasStorageAccess()`, which is available cross-browser and behaves consistently (returns true if unpartitioned cookies are accessible in a third-party context). Although this is not a 1:1 replacement, distilling all of the context needed on which kinds of cookies can or cannot be distilled into a single boolean. In many cases developers may need to attempt usage of `document.cookie` itself to understand the lay of the land (as some already do).
Independently (not in scope for this proposal, but worth contemplating)
It would be nice if information about what ‘Cookie Rules’ exist in a given context were available. Cookies have many possible attributes, and different browsers have different requirements around when cookies can be set. For example: in Chrome it’s not possible to set `SameSite=None` without `Secure`, in Safari setting a persistent cookie via JavaScript caps the `Max-Age` to 7 days, and if CHIPs is required then third-party contexts can only set cookies with the `Partitioned` attribute. It seems likely based on divergent approaches by vendors that the set of requirements and limitations placed on cookies set in different contexts will only increase. It may be worth taking time to build a cross-browser API that exposes this information in some format. One could imagine a W3C Specification with an append-only enum of discrete rules a given context had to respect to use cookies. For example a developer could call something like `document.getCookieRules()` and check: if the resulting list contained the `PARTITIONED_REQUIRED` to know if cookies had to be partitioned to be set/read or if `HTTPONLY_REQUIRED` to know that cookies can only be set/read via HTTP Header and not in JavaScript.
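As an added illustration (not code from the issue, its author or any browser vendor) of the advice above, here is a probe that treats `navigator.cookieEnabled` as a hint only and cross-checks it against `document.hasStorageAccess()` and a throwaway `document.cookie` write; the `fakeWindow` helper and the "Safari-like" parameters are constructed assumptions that mimic the behaviours this thread describes, so the probe can run offline.

```javascript
// Added example, not code from the issue or from any browser vendor: treat
// navigator.cookieEnabled as a hint only and cross-check it against
// document.hasStorageAccess() plus a throwaway document.cookie write, as the
// issue suggests. The window is a parameter so the probe runs offline against
// the constructed fakes further down.
async function probeCookieCapability(win) {
  const { navigator: nav, document: doc } = win;
  const r = { cookieEnabled: Boolean(nav.cookieEnabled), hasStorageAccess: null, scriptCookieWritable: null };
  if (typeof doc.hasStorageAccess === 'function') {
    try { r.hasStorageAccess = await doc.hasStorageAccess(); } catch (e) { r.hasStorageAccess = false; }
  }
  // Write-then-read probe; sandboxed frames throw, blocked contexts silently drop.
  const name = '__cookie_probe_' + Math.random().toString(36).slice(2);
  try {
    doc.cookie = `${name}=1; SameSite=None; Secure; Path=/`;
    r.scriptCookieWritable = doc.cookie.split(';').some((c) => c.trim().startsWith(name + '='));
    doc.cookie = `${name}=; Max-Age=0; SameSite=None; Secure; Path=/`; // clean up
  } catch (e) {
    r.scriptCookieWritable = false;
  }
  return r;
}

// Collapse the probe into the decision a page actually needs.
function summarize(r) {
  if (r.hasStorageAccess === true) return 'unpartitioned';
  if (r.scriptCookieWritable) return 'script-writable-only';
  return 'none';
}

// Constructed fake window (assumption, not a real engine): parameterised by
// what cookieEnabled reports, what hasStorageAccess() resolves to, and whether
// document.cookie writes are kept or silently dropped.
function fakeWindow({ cookieEnabled, storageAccess, acceptsWrites }) {
  let jar = [];
  const document = {
    hasStorageAccess: async () => storageAccess,
    get cookie() { return jar.join('; '); },
    set cookie(v) {
      if (!acceptsWrites) return;
      const [pair, ...attrs] = v.split(';').map((s) => s.trim());
      const name = pair.split('=')[0];
      jar = jar.filter((c) => !c.startsWith(name + '='));
      if (!attrs.some((a) => /^max-age=0$/i.test(a))) jar.push(pair);
    },
  };
  return { navigator: { cookieEnabled }, document };
}

// The Safari-like third-party frame from the issue: cookieEnabled says true
// because cookies are on for the browser, yet nothing can be set from script.
async function demo() {
  const r = await probeCookieCapability(fakeWindow({ cookieEnabled: true, storageAccess: false, acceptsWrites: false }));
  return { cookieEnabled: r.cookieEnabled, verdict: summarize(r) }; // { cookieEnabled: true, verdict: 'none' }
}
```

In a real page, pass `window` to `probeCookieCapability` and branch on `summarize()` rather than on `navigator.cookieEnabled` alone.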