DescriptionAncestors count towards first-partyness.
We currently set requests' "firstPartyForCookies" property based on the
top-level document's URL. We ought to harden this property to account
for good.com -> evil.com -> good.com ancestor chains.
The top-level 'good.com' should be considered a first-party context.
The nested 'good.com' should not.
This CL adds this behavior behind a runtime flag. If the intent to ship
at [1] is approved, I'll remove the flag in a followup CL.
[1]: https://groups.google.com/a/chromium.org/d/msg/blink-dev/ZvMEJMSU6po/wKWAfpIe6vUJ
BUG=459154
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=193884
Patch Set 1 #Patch Set 2 : Oops. #Patch Set 3 : Tests. #Messages
Total messages: 13 (2 generated)
|