[whatwg/encoding] @johnwilander This is a really elegant solution! Very cool. For our purposes, one last piece that would be quite helpful would be to know if Storage Access is _likely_ to result in cookies being found, so that we can selectively display UI to users who are likely to interact with it, resulting in a cleaner user experience for everyone. (Issue #332)

              @johnwilander This is a really elegant solution! Very cool. For our purposes, one last piece that would be quite helpful would be to know if Storage Access is _likely_ to result in cookies being found, so that we can selectively display UI to users who are likely to interact with it, resulting in a cleaner user experience for everyone.

One unintrusive option might be an argument `ifPresent` to `hasStorageAccess` that makes it return `true` if it thinks the result of access would be a no-op anyway, or I'm sure there's a more graceful way to do this.

I can imagine some risk here of it being leaky similar to HSTS, but WebKit's recently-announced supercookie mitigations are promising and similar limitations could be applied here.

(FWIW, either a) allowing users to just grant global permission to certain domains or b) adding some sort of `Cookies-present` HTTP header in requests where cookies have been elided would work  even better for us, but I assume there might be more momentum around extending the existing path here. Maybe there's even a middle ground of allowing users to grant permission for a domain to reval this binary bit of information as they go about the web ("Let sites I visit know that I'm a foo.com user") but requiring interaction before the cookie value itself is released.)

_Originally posted by @kushal in https://github.com/whatwg/html/issues/3338#issuecomment-388459791_
            

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/encoding/issues/332
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/encoding/issues/332@github.com>