Browser Origin Policy

From MgmtWiki
Revision as of 09:45, 12 June 2022 by Tom (talk | contribs) (Cookies)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Full Title or Meme

Browser Origin Policies are used to determine which data and control flows are allowed based on the URL of the page or iFrame..

Context

  • Origin Policies were initiated to prevent tracking of users from one site to another.
  • Origin and site are confused in many documents. An attempt at a taxonomy explaining the differences can be seen at the wiki page Cross-Origin iFrame.

Cookies

Solutions

  • Access to file storage on the user's device is determined by the Shared Storage API
    Shared Storage allows for unpartitioned storage (i.e. not partitioned by top-frame as is planned for other types of storage) that may only be read in a secure environment with carefully constructed output gates. This API is intended to support many cross-site use cases on the web while significantly decreasing cross-site user tracking. This I2E is for Shared Storage's first output gate, called selectURL. It allows Shared Storage to be used to select from a short list of URLS to be displayed in a Fenced Frame. Gates related to aggregate reporting will follow in future experiments.

References