From 39314ac83cf923d5374c888fd5b076333e5e9ba8 Mon Sep 17 00:00:00 2001 From: cfredric Date: Fri, 18 Aug 2023 12:50:47 -0400 Subject: [PATCH 1/2] Add note about pausing network requests to spec This PR is a companion to #169. --- spec.bs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index ad523db..2ab8f49 100644 --- a/spec.bs +++ b/spec.bs @@ -259,7 +259,9 @@ For providing access to cross-site cookies, this specification aims to ensure co Developers may submit changes to their sets to add or remove sites. Since membership in a set could provide access to cross-site cookies via automatic grants of the [[STORAGE-ACCESS]], we need to pay attention to these transitions so that they don’t link user identities across all the FPSs they’ve historically been in. In particular, we must ensure that a domain cannot transfer a user identifier from one First-Party Set to another when it changes its set membership. While a set member may not always request and be granted access to cross-site cookies, for the sake of simplicity of handling set transitions, we propose to treat such access as always granted. -For this reason, this specification requires user agents to clear any site data and storage-access permissions of a given site when a site is removed from a set. +For this reason, this specification requires user agents to clear any site data and storage-access permissions of a given site when a site is removed from a set, before starting any fetches that rely on those permissions or site data. + +Note: most fetches do not depend on data that needs to be cleared, so browsers should try to optimize for request latency.

Security Considerations

From a319bb83237137724121290f7d4122374223428f Mon Sep 17 00:00:00 2001 From: Johann Hofmann Date: Mon, 21 Aug 2023 09:52:06 +0200 Subject: [PATCH 2/2] Update spec.bs --- spec.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec.bs b/spec.bs index 2ab8f49..a961856 100644 --- a/spec.bs +++ b/spec.bs @@ -261,7 +261,7 @@ Developers may submit changes to their sets to add or remove sites. Since member For this reason, this specification requires user agents to clear any site data and storage-access permissions of a given site when a site is removed from a set, before starting any fetches that rely on those permissions or site data. -Note: most fetches do not depend on data that needs to be cleared, so browsers should try to optimize for request latency. +Note: Most fetches do not depend on data that needs to be cleared, so user agents are advised to optimize for request latency.

Security Considerations