Chrome nettleser, Nyheter

Participate in deprecation trial for unpartitioned third-party storage, Service Workers, and Communication APIs

Beginning gradually in Chrome 113,
storage, service workers, and communication APIs will be
partitioned in third-party contexts.
In addition to being isolated by the same-origin policy, the affected APIs used
in third-party contexts would also be separated by the site of the top-level
context. Sites that haven’t had time to implement support for third-party
storage partitioning can take part in a deprecation trial to temporarily
unpartition (continue isolation by same-origin policy but remove isolation
by top-level site) and restore prior behavior of storage, service workers, and
communication APIs in content embedded on their site.

In addition to a general unpartitioning deprecation trial, it’s possible to
participate in a focused deprecation trial just for window.sessionStorage.
This trial is available due to a need for some sites to migrate their Firebase
signInWithRedirect flow. For more information on that migration see
this article.

Available deprecation trials

Starting in Chrome 112 Beta, we’ll
open up two deprecation trials:

  1. DisableThirdPartyStoragePartitioning:
    allows a top-level site to unpartition (temporarily remove isolation by
    top-level site) in storage, service workers, and communication APIs in
    third-party content embedded on its pages.
  2. DisableThirdPartySessionStoragePartitioningAfterGeneralPartitioning:
    allows a site to unpartition sessionStorage across navigations.

These will enable sites to discover and fix problems before third-party
partitioning begins its rollout process in Chrome 113.

Below is an overview of the deprecation trial and what to expect. If you have
feedback to share or you experience any issues throughout this trial let us know
in the
Partitioned Storage Deprecation Trial Github repository.

DisableThirdPartyStoragePartitioning

The following APIs will remain unpartitioned in third-party contexts should you
enroll the top-level site in the DisableThirdPartyStoragePartitioning
deprecation trial:
Storage APIs
(such as localStorage, sessionStorage, IndexedDB, Quota, and other),
Communication APIs
(such as BroadcastChannel, SharedWorkers, and WebLocks), and
ServiceWorker API.

Caution

For this DisableThirdPartyStoragePartitioning trial, the origin trial token must be included via an HTML <meta> tag and not an Origin-Trial HTTP header.

Example:

Storage partitioning diagram

For a more detailed explanation, check out the
project explainer.

DisableThirdPartySessionStoragePartitioningAfterGeneralPartitioning

If you enroll in the
DisableThirdPartySessionStoragePartitioningAfterGeneralPartitioning
deprecation trial, navigating a tab to an enrolled origin will cause all
cross-site iframes of that same origin to remain unpartitioned only for
Window.sessionStorage and only for the lifetime of that particular tab.
Whereas the DisableThirdPartyStoragePartitioning deprecation trial affects all
third-party contexts embedded within the enrolled origin, the
DisableThirdPartySessionStoragePartitioningAfterGeneralPartitioning
deprecation trial instead registers a given origin to receive unpartitioned
access when embedded in third-party contexts.

The DisableThirdPartySessionStoragePartitioningAfterGeneralPartitioning trial will work via HTML <meta> or an Origin-Trial HTTP header.

Example:

Storage partitioning diagram after general paritoning.

What does this mean for web developers?

Sites should audit their usage of unpartitioned storage, service worker, and
communication APIs in third-party contexts, and, if needed, prepare for
third-party partitioning before these deprecation trials expire. The intent is
to expire these deprecation trials with Chrome 123, ending on May 2, 2024.

To instruct the browser to unpartition storage in third-party content embedded
on its pages, top-level sites need to register for one or both of the
deprecation trials and add the corresponding trial token(s) to their HTTP
response headers (see detailed example below).

Each deprecation trial is available on Windows, Mac, Linux, Chrome OS, Android,
and Android WebView.

Participate in the deprecation trials

The following is a brief overview of how to participate in one or both of the
deprecation trials. For more detailed instructions, visit
Get started with origin trials.

  1. Launch Chrome version 112 (or later) and ensure the
    ThirdPartyStoragePartitioning
    flag is enabled.
  2. Verify that the behavior of third-party content embedded in your
    top-level site is broken by storage partitioning (if not, then no need to
    participate in the Deprecation Trials).
  3. Register for the deprecation trial and get a token for your domains by
    visiting the following:

    1. For a top-level site to unpartition storage, service workers,
      and communication APIs in its third-party embedded content:
      (/origintrials/#/view_trial/-8517432795264450559)
    2. For a top-level site to unpartition sessionStorage across
      navigations:
      (/origintrials/#/view_trial/3444127815031586817)
  4. Add an origin trial token to your page:
    1. For the DisableThirdPartySessionStoragePartitioningAfterGeneralPartitioning trial you may add an Origin-Trial: <DEPRECATION TRIAL TOKEN> to your top-level site’s HTTP response header, where <DEPRECATION TRIAL TOKEN> contains the token you got when registering for the deprecation trial. You can also do this via HTML ` tag.
    2. For the DisableThirdPartyStoragePartitioning trial, the token must be given via an HTML <meta> tag. The HTTP header method is not supported.
  5. Load your website in Chrome 112 Beta (or later) with
    ThirdPartyStoragePartitioning still enabled and verify that any
    partitioning related issues have been properly mitigated.
  6. To stop participating in the deprecation trial simply remove the header
    you added in step 2.

These deprecation trials do not support the
third-party origin trials
feature. The enrollee must be the top-level site for
DisableThirdPartyStoragePartitioning, and for
DisableThirdPartySessionStoragePartitioningAfterGeneralPartitioning the
enrollee must have been the top-level site at some point in the lifetime of a
given tab. The guide to
troubleshooting Chrome’s origin trials
provides a full checklist for ensuring your token is correctly configured.

Share feedback

Please submit any feedback or issues you encounter to the
Partitioned Storage Deprecation Trial Github repository.

This post is also available in: English

author-avatar

About Aksel Lian

En selvstendig full stack webutvikler med en bred variasjon av kunnskaper herunder SEO, CMS, Webfotografi, Webutvikling inkl. kodespråk..