Sorry for backracking on this, but we just discussed the prompts in our anti-tracking meeting and think that option 4) or 4b) from Anne (in Comment 41) are best, because: - "Cross-site" could imply that the requestor is getting access to *all* "foreign" cookies, no just its own cross-site cookies - The scope that applies to the grant is unclear, it's just on oldnavy.com - This could work better with potential out-of-scope grants e.g. as proposed in https://github.com/privacycg/storage-access/issues/83#issuecomment-877310438 where the target origin (the scope) isn't visible in the URL bar. Meridel, Arthur, would you be okay with either option 4) or 4b)? Which do you prefer?
Bug 1706425 Comment 43 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Sorry for backtracking on this, but we just discussed the prompts in our anti-tracking meeting and think that option 4) or 4b) from Anne (in Comment 41) are best, because: - "Cross-site" could imply that the requestor is getting access to *all* "foreign" cookies, no just its own cross-site cookies - The scope that applies to the grant is unclear, it's just on oldnavy.com - This could work better with potential out-of-scope grants e.g. as proposed in https://github.com/privacycg/storage-access/issues/83#issuecomment-877310438 where the target origin (the scope) isn't visible in the URL bar. Meridel, Arthur, would you be okay with either option 4) or 4b)? Which do you prefer?