Ari Chivukula

icon indicating a website link https://chivuku.la icon indicating an email [email protected]

icon company @googlers icon location New York, NY icon location Google Chrome

Results 18 issues of Ari Chivukula

Prevent cross-origin sensitive header probing

8 comment

The goal of this algorithm is to prevent cross-origin requests from probing the size of sensitive headers (`Authorization` or `Cookie`) by adding headers to cross-site requests until the total size...

Merging Client Hints Infrastructure into FETCH (and HTML) Standards

1 comment

The primary conversation/description for this task lives in HTML at whatwg/html#7568. This is a stub because the proposal concerns FETCH too.

topic: client hints

Wildcards in Permissions Policy Origins

2 comment

## Request for position on an emerging web specification * WebKittens who can provide input: @johnwilander ### Information about the spec * Spec Title: Wildcards in Permissions Policy Origins *...

topic: security
venue: W3C Web Application Security WG
from: Google

Consider standardizing 7-day max-age cap for cookies set via JavaScript

2 comment

Two browsers are already doing this ([Safari](https://webkit.org/blog/8613/intelligent-tracking-prevention-2-1/) and [Brave](https://brave.com/privacy-features/#:~:text=Brave%20caps%20the%20life%20of,clear%20cookies%20at%20any%20time.)). It might be worth documenting in the standard.

cookies

Extending Storage Access API (SAA) to non-cookie storage

9 comment

### Title of the spec Extending Storage Access API (SAA) to non-cookie storage ### URL to the spec https://privacycg.github.io/saa-non-cookie-storage/ ### Issue Tracker URL https://crbug.com/1484966 ### TAG Design Review URL https://github.com/w3ctag/design-reviews/issues/906...

topic: privacy
topic: storage
concerns: integration
venue: none / personal repository
from: Google

Opener Protections

### Title of the spec Opener Storage Partitioning ### URL to the spec https://arichiv.github.io/opener-storage-partitioning/ ### URL to the spec's repository https://github.com/arichiv/opener-storage-partitioning/ ### Issue Tracker URL https://crbug.com/1159586 ### TAG Design Review...

Add hasUnpartitionedCookieAccess

6 comment

### Description This is the first of 3 PRs adding spec changes from https://privacycg.github.io/saa-non-cookie-storage/ launching in Chrome 125. ### Motivation hasUnpartitionedCookieAccess is a renaming of hasStorageAccess intended to provide more...

Content:WebAPI
system
size/m

navigator.cookieEnabled in third-party contexts

10 comment

The attribute [navigator.cookieEnabled](https://html.spec.whatwg.org/multipage/system-state.html#cookies) is “true if the user agent attempts to handle cookies according to HTTP State Management Mechanism” according to the spec, and in first-party contexts this holds true...

compat
interop
topic: cookie
privacy-tracker

Add StorageAccessHandle

3 comment

### Description This is the third of 3 PRs adding spec changes from https://privacycg.github.io/saa-non-cookie-storage/ launching in Chrome 125. ### Motivation StorageAccessHandle can be returned by requestStorageAccess when a types argument...

Content:WebAPI
system
size/l

Storage Access API Extension

1 comment

### Proposal Add support for: https://privacycg.github.io/saa-non-cookie-storage/ ### Browser support Chrome 125+ ### Tasks - [ ] hasUnpartitionedCookieAccess - [x] SharedWorker - [ ] requestStorageAccess ### Dependencies _No response_ ### Additional...

needs triage
proposal