Allow storage in 1p iframes, regardless of the relative parents of that 1p iframe #9105
Labels
closed/fixed-by-component-update
feature/cookies
pr/pending-review
QA/No
release-notes/include
webcompat/not-shields-related
Sites are breaking because of something other than Shields.
Milestone
Currently storage is blocked in 3p frames, where 3p-ness is determined relative to the parent frame. So, all the following are true:
3p frames get no storage
same origin frames get storage
frames that have the same origin as the top level document, but are embedded in a 3p frame, also don't get storage.
This breaks some sites, specially wordpress's dashboard, which has the following pattern
We can unbreak wordpress here by changing the storage rule to being: frames get storage if they're the same eTLD+1 as the top level document, regardless of immediate parent document.
This doesn't add any direct privacy loss, but as a side effect of unbreaking sites, might also re-enable some privacy harming flows.
Related: #9064
The text was updated successfully, but these errors were encountered: