You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At the time of writing this, workers always use their own origin as their site for cookies, regardless of the context they are registered in. This will change when browsers ship storage partitioning, and service workers will derive their site for cookies from their storage key instead of the worker origin. This is a nice improvement to service workers since it prevents workers registered in 3P contexts from becoming SameSite leaks.
Given this effort, I think that it makes sense to specify somehow that partitioned cookies should use the service worker's storage key, not the worker origin, to compute the cookie partition key.
The text was updated successfully, but these errors were encountered:
At the time of writing this, workers always use their own origin as their site for cookies, regardless of the context they are registered in. This will change when browsers ship storage partitioning, and service workers will derive their site for cookies from their storage key instead of the worker origin. This is a nice improvement to service workers since it prevents workers registered in 3P contexts from becoming SameSite leaks.
Given this effort, I think that it makes sense to specify somehow that partitioned cookies should use the service worker's storage key, not the worker origin, to compute the cookie partition key.
The text was updated successfully, but these errors were encountered: