{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":464493952,"defaultBranch":"main","name":"storage-access","ownerLogin":"bvandersloot-mozilla","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2022-02-28T13:31:05.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/90582190?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1669836187.699425","currentOid":""},"activityList":{"items":[{"before":"f6e5261172b5baa210c664936bab16f8ef80b887","after":"3f6de1eb941e36d6528ef71a13608d7273b30c11","ref":"refs/heads/main","pushedAt":"2023-05-31T18:04:03.536Z","pushType":"push","commitsCount":2,"pusher":{"login":"bvandersloot-mozilla","name":null,"path":"/bvandersloot-mozilla","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/90582190?s=80&v=4"},"commit":{"message":"Move Note and Issues in lists over to fix step numbering","shortMessageHtmlLink":"Move Note and Issues in lists over to fix step numbering"}},{"before":"2b901c687acfdc45516190c9773a3bee35c3d9dc","after":"f6e5261172b5baa210c664936bab16f8ef80b887","ref":"refs/heads/main","pushedAt":"2023-05-22T11:41:17.986Z","pushType":"push","commitsCount":1,"pusher":{"login":"bvandersloot-mozilla","name":null,"path":"/bvandersloot-mozilla","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/90582190?s=80&v=4"},"commit":{"message":"Specify behavior in A > * > A scenarios (#169)\n\nThis commit tries to make rSA and hSA match the reality of cookie\r\nblocking browsers perform in edge cases such as A > A and A > B > A. I\r\nthink all browsers perform a same site check, so moving away from same\r\norigin makes sense. Additionally, Chrome will block cookies based on the\r\n\"site for cookies\" whereas Firefox and Safari don't. We plan to discuss\r\nthis behavior separately and can hopefully align eventually.\r\n\r\nAs discussed with the other editors, we agree that it still makes sense\r\nfrom a privacy perspective to automatically grant storage access in a\r\nsame site scenario, since the \"site for cookies\" check is for security\r\nonly. This could previously lead to inconsistencies in browsers that\r\nblock cookies based on \"site for cookies\", as hSA would return true and\r\nrSA would resolve automatically without storage access ever being\r\ngranted in an ABA case. This commit fixes that by explicitly setting the\r\n\"has storage access\" bit after a successful same-site check in rSA.\r\n\r\nI'm referencing the in-progress \"authority\" concept on advice of\r\n@annevk.\r\n\r\n---------\r\n\r\nCo-authored-by: Anne van Kesteren <annevk@annevk.nl>","shortMessageHtmlLink":"Specify behavior in A &gt; * &gt; A scenarios (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1625236110\" data-permission-text=\"Title is private\" data-url=\"https://github.com/privacycg/storage-access/issues/169\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/privacycg/storage-access/pull/169/hovercard\" href=\"https://github.com/privacycg/storage-access/pull/169\">privacycg#169</a>)"}},{"before":"7908c22170f4f4c4f65778b5097a00c78bc5cd3c","after":"2b901c687acfdc45516190c9773a3bee35c3d9dc","ref":"refs/heads/main","pushedAt":"2023-05-08T11:51:42.886Z","pushType":"push","commitsCount":13,"pusher":{"login":"bvandersloot-mozilla","name":null,"path":"/bvandersloot-mozilla","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/90582190?s=80&v=4"},"commit":{"message":"Editorial: Fix permission key example\n\nI missed this previously added example through auto-rebase. Replacing it\nwith the correct instance now.","shortMessageHtmlLink":"Editorial: Fix permission key example"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAADOBBcAAA","startCursor":null,"endCursor":null}},"title":"Activity · bvandersloot-mozilla/storage-access"}