-
Notifications
You must be signed in to change notification settings - Fork 11
Cookies / WebAuthn #12
Comments
Interesting. This seems vaguely related to this doc I just saw on the Chromium Storage Isolation project, i.e. "double key all the things". In particular the doc says
and maybe this sort of mechanism would be a way to opt in to that. Although I guess the hope is that we could do so without an opt-in, eventually. I think you're probably proposing something a bit different though, which is for even top-level pages with only one context involved, a way to origin-scope your storage instead of site-scope it. Are there any web properties that would be interested in this sort of thing? I guess in the future it could allow new hosting services (glitch, github pages, etc.) to spring up without relying on the public suffix list, which would be neato. /cc @sleevi @MattMenke2 |
I found https://wicg.github.io/isolation/explainer.html, a 2016 document by @estark37 I'll try to work on such a PR. |
I'm not entirely sure what this would look like, but I'd like it to be considered to some extent. Should this affect (or have a mode that affects) all things that go across the origin boundary?
The text was updated successfully, but these errors were encountered: