Ari Chivukula
Ari Chivukula
There is a new expansion of this proposal, specifically: Subdomain wildcards in allowlists provided some valuable flexibility, but differed from existing wildcard parsers and required novel code and spec work....
The spec change landed: https://github.com/w3c/webappsec-permissions-policy/pull/516 And 2/3 of the CSP issues highlighted by @annevk have been addressed. As I pursue chrome launch are there any objections from WebKit we should...
Should this be a client hint or just a permissions policy? If it's for subresource requests only then any page could set a permissions policy that delegated the header to...
I see, then I'll suggest something slightly different. That (1) a permissions policy delegated to * by default is added and (2) if the attribute in the sub-resource indicates (and...
I'm not sure I understand your pattern of usage and embedding well enough to say definitively, but this blog post outlines what SAA offers and has some demo code: https://developers.google.com/privacy-sandbox/blog/saa-non-cookie-storage
If a.com, b.com, and c.com are in the same RWS, and both a.com and b.com embed an iframe of c.com, then those iframes of c.com could use SAA to access...
To my knowledge storage partitioning does not impact the availability of window.postMessage
Wanted to give a heads up that the Storage Access API extension OT is adding Shared Worker support in M123: https://developers.google.com/privacy-sandbox/blog/saa-non-cookie-storage
The supported solutions for client hint request/delegation are the [Accept-CH http header](https://wicg.github.io/client-hints-infrastructure/#accept-ch-cache-definition) and [Permissions-Policy http header](https://w3c.github.io/webappsec-permissions-policy/#permissions-policy-http-header-field) -and/or- the [Delegate-CH meta tag](https://wicg.github.io/client-hints-infrastructure/#delegate-ch-algo). The Accept-CH meta tag is legacy syntax. There is...
The only way for client hints (other than the [default 4 low entropy hints](https://wicg.github.io/client-hints-infrastructure/#low-entropy-table)) to be included on navigation for a top-level frame is to use both Accept-CH and Critical-CH...