At the time of writing this, the explainer currently states that browsers give top-level sites the ability to clear third parties' cookies by sending a Clear-Site-Data header.
In other words, say example[1-10].com set cookies under toplevel.com's partition. Then toplevel.com could send a Clear-Site-Data header in a response which would clear all of example[1-10].com's cookies in the toplevel.com partition.
I am opening this issue because I am less convinced that this functionality is either necessary or a good idea.
@annevk mentioned in the storage partitioning repo that this could allow malicious first parties to interfere with code running on third-party frames.
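
The scoping question raised above, as an added illustration (not part of the original issue and not code from the explainer): a small JavaScript model of a partitioned cookie jar that reports which third-party cookies a top-level site's `Clear-Site-Data` response would remove. The `"own"` scope, the function names and the sample cookies are assumptions made for contrast, and sites are treated as plain host strings for simplicity.

```javascript
// Model of a partitioned cookie jar: each cookie is keyed by the top-level
// site (partition) it was set under and the host that set it.
// All hosts and cookie names are constructed sample data.
function makeJar() {
  const jar = [];
  for (let i = 1; i <= 3; i++) {
    jar.push({ partition: "toplevel.com", host: `example${i}.com`, name: "sid" });
    jar.push({ partition: "other.com", host: `example${i}.com`, name: "sid" });
  }
  jar.push({ partition: "toplevel.com", host: "toplevel.com", name: "session" });
  return jar;
}

// A Clear-Site-Data value is a comma-separated list of quoted strings.
// Returns true when the value asks for cookies to be cleared.
function clearsCookies(headerValue) {
  const types = headerValue.split(",").map((t) => t.trim());
  return types.includes('"cookies"') || types.includes('"*"');
}

// scope "partition": the behaviour the issue describes, where everything in
//                    the sender's partition is cleared.
// scope "own":       assumed narrower alternative, where only the sender's
//                    own cookies in its partition are cleared.
function applyClearSiteData(jar, topLevelSite, headerValue, scope) {
  if (!clearsCookies(headerValue)) return { kept: jar, removed: [] };
  const hit = (c) =>
    c.partition === topLevelSite &&
    (scope === "partition" || c.host === topLevelSite);
  return { kept: jar.filter((c) => !hit(c)), removed: jar.filter(hit) };
}

// Third-party hosts that lost cookies as a result of the top-level response.
function thirdPartyHostsAffected(result, topLevelSite) {
  const hosts = result.removed
    .filter((c) => c.host !== topLevelSite)
    .map((c) => c.host);
  return [...new Set(hosts)].sort();
}

const wide = applyClearSiteData(makeJar(), "toplevel.com", '"cookies"', "partition");
const narrow = applyClearSiteData(makeJar(), "toplevel.com", '"cookies"', "own");
console.log("partition scope:", thirdPartyHostsAffected(wide, "toplevel.com"));
console.log("own scope:", thirdPartyHostsAffected(narrow, "toplevel.com"));
```

In both scopes the cookies the same third parties hold under the `other.com` partition are untouched; the difference is only whether embedded third parties inside `toplevel.com`'s partition lose state they did not ask to clear.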