-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Age Out Of Granted Storage Access #5
Comments
Agreed, leaving this specifiable by the implementer makes sense to me. Even within Chromium there may be different embedders that wish to have different time constraints on these grants. |
That sounds fine to me as well. BTW I updated that wiki page to fix the description of Safari's behaviour, apologies for our mistake! |
I added a section called "Scope of Storage Access" in 32e1d3f. As noted there, if storage is frame-specific, it's not clear how age-out beyond the lifetime of the page (or iframe) could work. |
Resetting the expiration based on successful usage seems like it would solve #8 and would prevent people from having to login every 30 days. Would we be willing to add something to the spec about that or would that also be up to the implementation? |
WebKit’s implementation already does this, for that reason. Granted storage access through the Storage Access API counts as user interaction as first party (=renews the time stamp) in the eyes of ITP. Since I don’t think any other browser is deleting website data based on user interaction like ITP (true?), I’ve been reluctant to add such details. I’ll add such a section if there is interest from other implementers. |
On Firefox side we would like to suggest automatically renewing storage access in any of the following cases:
We could standardize on these (the renewal mechanism) and leave the expiry mechanism (after x days of y kind of usage) implementor-specific. Note that in Firefox "losing storage access" is technically a different thing than getting storage "purged" through the deletion mechanisms that both Firefox and Safari implement. However, the criteria for the two events are essentially the same (no user interaction in 45 days) and they are somewhat coupled in our code base. So this is very similar to Safari now, to the point where it might make for a good developer experience to call out the deletion mechanism explicitly. |
I think this is good. Two notes:
That should ensure that interaction in a cross-site iframe counts as first party interaction if the interaction either results in storage access or happens during storage access.
|
Your assumption is correct. A user deny will not count here.
I don't see how this alternative is different. If you are renewing a permission, isn't it required that the iframe already has the storage access granted? We added the changes suggested by @johannhof to our implementation in Firefox, shipped in Firefox 97. |
Standardizing the "renewal" mechanism (which we should still do) is somewhat blocked on #121 as that would tell us how to tell the browser to renew the permission or storage access map. |
Mozilla's documentation on differences between Safari's and Firefox's implementation covers the difference explained below albeit with a slightly incorrect description of Safari's behavior.
Safari: Granted storage access is aged out when website data is deleted by the tracking prevention feature itself which triggers after 30 days of Safari use without user interaction. Successful use of the Storage Access API resets that counter.
Firefox: Granted storage access is aged out after 30 calendar days regardless of usage patterns.
I don't think the age out is a crucial part of the API so I'm fine leaving it as a browser choice in the spec.
The text was updated successfully, but these errors were encountered: