DFPI currently works like this: 1. All storage locations on example.com are partitioned 2. User receives a storage access permission for tracker.example on example.com 3. State covered by the StoragePrincipal is relaxed for tracker.example across the agent cluster. This gives tracker.example in that cluster access to their first-party window.localStorage, etc. 4. All documents from that agent cluster are released 5. The user reloads example.com, forming a new agent cluster. 6. All storage locations are no longer double keyed (including those not covered by he StoragePrincipal) Ideally, it seems like we'll only ever want to drop partitioning for things covered by the StoragePrincipal, rather than everything. Storage locations / browser state not covered by StoragePrincipal should just be permanently double keyed.
Bug 1630687 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
DFPI currently works like this: 1. All storage locations on example.com are partitioned by StoragePrincipal 2. User receives a storage access permission for tracker.example on example.com 3. Everything covered by the StoragePrincipal is relaxed for tracker.example across the agent cluster and all future reloads. 4. This gives tracker.example in that cluster access to their first-party window.localStorage, which is something we'd like. But it also means that other partitioned state (like caches) are no longer partitioned Ideally, it seems like we'll only ever want to drop partitioning for cookies and the Storage APIs, rather than everything. We should define what we'd like to permanently partition.