Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Partitioned Cookies #55370

Open
amcasey opened this issue Apr 25, 2024 · 3 comments · May be fixed by #55371
Open

Add support for Partitioned Cookies #55370

amcasey opened this issue Apr 25, 2024 · 3 comments · May be fixed by #55371
Labels
api-approved API was approved in API review, it can be implemented area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions

Comments

@amcasey
Copy link
Member

amcasey commented Apr 25, 2024
edited

Background and Motivation

CHIPS is a draft for incrementally moving away from third-party cookies to improve privacy.

Feature request: #53224
PR: #55371

Proposed API

namespace Microsoft.Net.Http.Headers;

public class SetCookieHeaderValue
{
+    public bool Partitioned { get; set; }
}
namespace Microsoft.AspNetCore.Http;

public class CookieBuilder
{
+    public virtual bool Partitioned { get; set; }
}

public class CookieOptions
{
+    public bool Partitioned { get; set; }
}

Usage Examples

IResponseCookies responseCookies;
responseCookies.Append("cookieName", "cookieValue", new CookieOptions
{
    Partitioned = true,
    SameSite = SameSiteMode.None,
    Secure = true,
});

You can also use a CookieBuilder, but that won't do any validation (as for Same-Site).

Alternative Designs

n/a

Risks

I understand the CHIPS spec isn't actually finalized.
@amcasey amcasey added the api-suggestion Early API idea and discussion, it is NOT ready for implementation label Apr 25, 2024
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions label Apr 25, 2024
amcasey added a commit to amcasey/aspnetcore that referenced this issue Apr 25, 2024
@amcasey
Add support for the Partitioned cookie attribute
985f204 
...to support CHIPS (Cookies Having Independent Partitioned State).

Fixes dotnet#53224
Fixes dotnet#55370
@amcasey amcasey linked a pull request Apr 25, 2024 that will close this issue
Open
@amcasey amcasey added api-ready-for-review API is ready for formal API review - https://github.com/dotnet/apireviews and removed api-suggestion Early API idea and discussion, it is NOT ready for implementation labels Apr 25, 2024
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Thank you for submitting this for API review. This will be reviewed by @dotnet/aspnet-api-review at the next meeting of the ASP.NET Core API Review group. Please ensure you take a look at the API review process documentation and ensure that:

  • The PR contains changes to the reference-assembly that describe the API change. Or, you have included a snippet of reference-assembly-style code that illustrates the API change.
  • The PR describes the impact to users, both positive (useful new APIs) and negative (breaking changes).
  • Someone is assigned to "champion" this change in the meeting, and they understand the impact and design of the change.

@amcasey
Copy link
Member Author

amcasey commented Apr 25, 2024

  • Does CookiePolicyOptions need this?
    • We could do that for completeness, but let's hold off for now
  • Why can't users just use Extensions?
    • Aside: extensions were new in 7.0
  • Katana lacks extensions, so it will need its own new API
  • Throwing might interact badly with proxies
    • Sites may not see the same Secure attribute that eventually reaches the browser
  • There's no validation below ResponseCookies because that's the lowest layer with a logger
  • Things will get unpleasant if the final name isn't "Partitioned" or the final type isn't "bool"

@amcasey
Copy link
Member Author

amcasey commented Apr 25, 2024

API approved

namespace Microsoft.Net.Http.Headers;

public class SetCookieHeaderValue
{
+    public bool Partitioned { get; set; }
}
namespace Microsoft.AspNetCore.Http;

public class CookieBuilder
{
+    public virtual bool Partitioned { get; set; }
}

public class CookieOptions
{
+    public bool Partitioned { get; set; }
}

@amcasey amcasey added api-approved API was approved in API review, it can be implemented and removed api-ready-for-review API is ready for formal API review - https://github.com/dotnet/apireviews labels Apr 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api-approved API was approved in API review, it can be implemented area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for the Partitioned cookie attribute amcasey/aspnetcore
1 participant
@amcasey