Open
Description
I'm filing this issue as a continuation of #3338. There was a lot of conceptual discussion in that issue we've moved on from, and I want to discuss concrete steps to merge https://github.com/privacycg/storage-access into HTML here.
There are still a few remaining issues that the SAA editors would like to see resolved before making a PR: https://github.com/privacycg/storage-access/issues?q=is%3Aissue+is%3Aopen+label%3A%22resolve+before+graduation%22
But overall we're close enough that tracking this effort here makes sense, IMO.
Metadata
Metadata
Assignees
Type
Projects
Milestone
Relationships
Development
No branches or pull requests
Activity
annevk commentedon May 20, 2025
The initial step towards this involves these Fetch and HTML PRs:
@bvandersloot-mozilla I have now taken a look at all of these, pushed some fixes, and they look good from my perspective, but OP still needs to be updated in most to reflect multi-implementer interest and the testing situation. Could you take care of that?
And as #10990 (comment) reminded me there might also be need for a Storage Access API PR to account for some logic no longer having to be maintained there?
@domenic would you be willing to also review the HTML PRs as they impact navigation to some extent?
johannhof commentedon May 20, 2025
Yes, I believe that's the case. We're still missing all of the API surface. @bvandersloot-mozilla are you interested in upstreaming SAA? Otherwise I can see if someone on my team has cycles (cc @cfredric)
annevk commentedon May 20, 2025
I think for now we need a PR that removes everything from SAA that's now being taken care of by these four PRs. Then subsequently we can have an upstream PR for SAA against HTML that's hopefully mostly moving text across.
johannhof commentedon May 20, 2025
Ah, I misunderstood your comment, but I agree, we can do it in that order.
bvandersloot-mozilla commentedon May 20, 2025
I updated the comment to reflect interest from 3 engines, and point to https://wpt.fyi/results/cookies/samesite for tests. @annevk: do you think we should improve coverage over what is in that folder? Given the amount of failures in that folder I don't know if we should rely upon it to be actually testing what we want/have written
bvandersloot-mozilla commentedon May 22, 2025
Filed privacycg/storage-access#217 which should be merged along side the others to prevent Storage Access API build bustage
bvandersloot-mozilla commentedon May 27, 2025
We've noticed that whatwg/fetch#1807 no longer uses the work in #10990. We'll still need it eventually for Storage Access API upstreaming, but it doesn't need to happen at the same time as the others (and the same is then true of privacycg/storage-access#217).
Add new environment settings object field for cookie layering work
bvandersloot-mozilla commentedon Jun 3, 2025
We now have approvals on the following HTML PRs:
Unfortunately, this surfaced that we probably need a small PR to ServiceWorkers as well to update another ESO definition:
I think if we get a "directionally correct" on that ServiceWorker PR and @annevk signs off on the Fetch PR, we are at a good place to land at least the (then) three approved PRs and celebrate a milestone.
bvandersloot-mozilla commentedon Jun 6, 2025
Following up: the Service Worker patch should be good to go, modulo non-normative note wording. That leaves getting the Fetch PR squared away, and we are ready to finish the cookie layering component!