Re: [w3ctag/design-reviews] Portals (#331)

@jeremyroman I am not sure if I fully understand what your script is trying to do, sorry.

I think you are suggesting that webpages could be modified to request storage access when promoted from a portal to top level, and that access could be always granted and without the need for a user action or user consent. This wouldn't confuse those pages with unexpected mixes of storage. But it also wouldn't work in unmodified webpages. They would end up always stuck on restricted/partitioned storage even after promotion, even in this implied proposal. Remaining stuck on the partitioned storage is also a privacy risk, because it would give what appears to be a top level page access to a partitioned storage in a particular domain. A site could rewrite itself to always use immediately activated portals to effectively gain cross-site tracking capability.

The one thing I can think of that might work for privacy purposes is to completely deny all storage access (even cookies) while in the portal, but allow the site to request storage access on activation as you suggest. I am not sure of the web compatibility of this approach.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/331#issuecomment-463301295

Received on Wednesday, 13 February 2019 17:59:06 UTC