tag_self_review.md: 7 additions & 7 deletions
@@ -3,8 +3,8 @@
3
3
4
4
> 01. What information does this feature expose, and for what purposes?
5
5
6
-
This feature allows SameSite=None cookies to be included in requests to the first party when third-party cookie (3PC) blocking is active. This information is currently available without 3PC Blocking.
7
-
Since this is an opt-in feature the server can decide if the sandboxallow-same-site-none-cookies value would expose information to untrusted contexts.
6
+
This feature allows `SameSite=None` cookies to be included in requests to the first party when third-party cookie (3PC) blocking is active. This information is currently available without 3PC Blocking.
7
+
Since this is an opt-in feature the server can decide if the `sandbox``allow-same-site-none-cookies` value would expose information to untrusted contexts.
8
8
> 02. Do features in your specification expose the minimum amount of information
9
9
> necessary to implement the intended functionality?
10
10
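Review bot: In the added answer to question 01, the sandbox directive name and the allow-same-site-none-cookies value appear as two code spans placed back to back with no space between them, so as shown they will not render as two separate spans. Put a space between the closing backtick of the first and the opening backtick of the second, or make it a single code span containing "sandbox allow-same-site-none-cookies". The same answer also writes "3PC blocking" in one sentence and "3PC Blocking" in the next; pick one capitalisation, and add a comma after "opt-in feature".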
@@ -13,7 +13,7 @@ Yes
13
13
> personally-identifiable information (PII), or information derived from
14
14
> either?
15
15
16
-
The SameSite=None cookies exposed could be part of authentication/session information and derived from PII but these would only be exposed to the first party.
16
+
The `SameSite=None` cookies exposed could be part of authentication/session information and derived from PII but these would only be exposed to the first party.
17
17
> 04. How do the features in your specification deal with sensitive information?
18
18
19
19
N/A
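Review bot: The answer to question 04 in the trailing context is "N/A", but the answer to question 03 just above it states that the exposed cookies "could be part of authentication/session information and derived from PII". Those two answers are inconsistent as written: if the feature can cause session cookies to be attached, question 04 should say how that sensitive data is handled, for example by restating that the cookies are only sent to the first party and only after the server opts in. The backtick change on the question 03 line itself is fine; a comma before "but these would only be exposed" would help readability.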
@@ -54,7 +54,7 @@ N/A
54
54
> 14. How does this specification distinguish between behavior in first-party and
55
55
> third-party contexts?
56
56
57
-
The SameSite=None cookies we are exposing are only visible to the first party of sandboxed origins. They will continue to be filtered out of third-party contexts with 3PC blocking
57
+
The `SameSite=None` cookies we are exposing are only visible to the first party of sandboxed origins. They will continue to be filtered out of third-party contexts with 3PC blocking
58
58
> 15. How do the features in this specification work in the context of a browser’s
59
59
> Private Browsing or Incognito mode?
60
60
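Review bot: The added answer to question 14 ends without a full stop, and "filtered out of third-party contexts with 3PC blocking" can be read either as "contexts that have 3PC blocking" or "filtered out by 3PC blocking". Suggest ending the sentence with "when 3PC blocking is active." so it matches the wording used in the answer to question 01. "The first party of sandboxed origins" is also hard to parse; stating which document or frame counts as the first party here would make the boundary this answer relies on explicit.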
@@ -71,11 +71,11 @@ No, this restores default behavior while maintaining the existing security prote
71
71
> (instead of getting destroyed) after navigation, and potentially gets reused
72
72
> on future navigations back to the document?
73
73
74
-
The CSP sandbox directive (including this value) is active for the lifetime of a document including if the document was kept alive the BFCache.
75
-
Since the server would have had to send the allow-same-site-none-cookies value in a previous response to include these cookies and they are only being sent to the first-party site, this doesn't seem to be a large concern.
74
+
The CSP `sandbox` directive (including this value) is active for the lifetime of a document including if the document was kept alive the BFCache.
75
+
Since the server would have had to send the `allow-same-site-none-cookies` value in a previous response to include these cookies and they are only being sent to the first-party site, this doesn't seem to be a large concern.
76
76
> 19. What happens when a document that uses your feature gets disconnected?
77
77
78
-
The Content-Security-Policy is delivered on the initial document load so the value would still remain in effect as the CSP is enforced by the browser’s security context. The cookies are stored in the browser and included on requests so a disconnected document wouldn't have access to the cookie store.
78
+
The `Content-Security-Policy` is delivered on the initial document load so the value would still remain in effect as the CSP is enforced by the browser’s security context. The cookies are stored in the browser and included on requests so a disconnected document wouldn't have access to the cookie store.
79
79
> 20. Does your feature allow sites to learn about the users use of assistive technology?
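Review bot: The first added line of this hunk still reads "if the document was kept alive the BFCache", which is missing a preposition carried over from the removed line; it should be "kept alive in the BFCache". In the second added line, "this doesn't seem to be a large concern" is a weak conclusion for a security questionnaire: say which property holds (the opt-in value was already delivered in a previous response and the cookies only go to the first-party site) and state the conclusion directly. In the answer to question 19, a comma after "initial document load" and after "included on requests" would break up the two long sentences.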