Commit 4ae582e

authored
Update tag_self_review.md
1 parent 3f1ea33 commit 4ae582e

1 file changed

+7
-7
lines changed

tag_self_review.md

Lines changed: 7 additions & 7 deletions
@@ -3,8 +3,8 @@
33

44
> 01. What information does this feature expose, and for what purposes?
55
6-
This feature allows SameSite=None cookies to be included in requests to the first party when third-party cookie (3PC) blocking is active. This information is currently available without 3PC Blocking.
7-
Since this is an opt-in feature the server can decide if the sandbox allow-same-site-none-cookies value would expose information to untrusted contexts.
6+
This feature allows `SameSite=None` cookies to be included in requests to the first party when third-party cookie (3PC) blocking is active. This information is currently available without 3PC Blocking.
7+
Since this is an opt-in feature the server can decide if the `sandbox` `allow-same-site-none-cookies` value would expose information to untrusted contexts.
88
> 02. Do features in your specification expose the minimum amount of information
99
> necessary to implement the intended functionality?
1010
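Review bot: In the added answer to question 01, "3PC Blocking" at the end of the first sentence is capitalised differently from "third-party cookie (3PC) blocking" earlier in the same sentence; pick one form. The second added line also refers to the `sandbox` `allow-same-site-none-cookies` value without saying where `sandbox` is set, while the answer to question 18 calls it the CSP `sandbox` directive. Suggest "the CSP `sandbox` directive's `allow-same-site-none-cookies` value" here as well, since this is the first mention a reader sees.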
@@ -13,7 +13,7 @@ Yes
1313
> personally-identifiable information (PII), or information derived from
1414
> either?
1515
16-
The SameSite=None cookies exposed could be part of authentication/session information and derived from PII but these would only be exposed to the first party.
16+
The `SameSite=None` cookies exposed could be part of authentication/session information and derived from PII but these would only be exposed to the first party.
1717
> 04. How do the features in your specification deal with sensitive information?
1818
1919
N/A
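Review bot: The answer to question 04 in the trailing context is still "N/A", while the reworded answer to question 03 just above it says these cookies could be part of authentication/session information and derived from PII. The two answers read as contradictory. Suggest replacing "N/A" with a short statement that the cookies are only sent to the first party, or a pointer to the answer for 03.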
@@ -54,7 +54,7 @@ N/A
5454
> 14. How does this specification distinguish between behavior in first-party and
5555
> third-party contexts?
5656
57-
The SameSite=None cookies we are exposing are only visible to the first party of sandboxed origins. They will continue to be filtered out of third-party contexts with 3PC blocking
57+
The `SameSite=None` cookies we are exposing are only visible to the first party of sandboxed origins. They will continue to be filtered out of third-party contexts with 3PC blocking
5858
> 15. How do the features in this specification work in the context of a browser’s
5959
> Private Browsing or Incognito mode?
6060
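Review bot: The added answer to question 14 ends at "with 3PC blocking" with no full stop; the markup-only edit carried that over from the old line. "the first party of sandboxed origins" is also hard to parse. Suggest naming the requests meant, for example requests from the sandboxed document to its own first-party site, in line with the wording used in the answer to question 01.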
@@ -71,11 +71,11 @@ No, this restores default behavior while maintaining the existing security prote
7171
> (instead of getting destroyed) after navigation, and potentially gets reused
7272
> on future navigations back to the document?
7373
74-
The CSP sandbox directive (including this value) is active for the lifetime of a document including if the document was kept alive the BFCache.
75-
Since the server would have had to send the allow-same-site-none-cookies value in a previous response to include these cookies and they are only being sent to the first-party site, this doesn't seem to be a large concern.
74+
The CSP `sandbox` directive (including this value) is active for the lifetime of a document including if the document was kept alive the BFCache.
75+
Since the server would have had to send the `allow-same-site-none-cookies` value in a previous response to include these cookies and they are only being sent to the first-party site, this doesn't seem to be a large concern.
7676
> 19. What happens when a document that uses your feature gets disconnected?
7777
78-
The Content-Security-Policy is delivered on the initial document load so the value would still remain in effect as the CSP is enforced by the browser’s security context. The cookies are stored in the browser and included on requests so a disconnected document wouldn't have access to the cookie store.
78+
The `Content-Security-Policy` is delivered on the initial document load so the value would still remain in effect as the CSP is enforced by the browser’s security context. The cookies are stored in the browser and included on requests so a disconnected document wouldn't have access to the cookie store.
7979
> 20. Does your feature allow sites to learn about the users use of assistive technology?
8080
8181
No
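Review bot: In the added BFCache answer, "kept alive the BFCache" is missing a word ("kept alive in the BFCache"); the change added backticks and left the sentence otherwise as it was. Since the answer says the directive is active for the lifetime of the document, it would help to say explicitly that a document restored from the BFCache keeps the `sandbox` value from its original response, which is the case the following sentence is reasoning about. In the answer to question 19, "the value" has no clear antecedent after "`Content-Security-Policy`"; suggest "the `allow-same-site-none-cookies` value".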