Description
As various browser engines collaborate in the area of new privacy interventions, it's becoming increasingly important to be able to write web-platform tests for the cross-engine behaviour that web developers should be expecting when the policies applies by each engine would determine that cookies, storage and communication APIs need to be blocked in the third-party context. There are various use cases for writing such tests, including:
- On by default privacy interventions shipped in browsers like Safari, Firefox, Edge and Brave.
- APIs such as Storage Access API
- Existing non-default privacy interventions shipped in almost all browsers, such as third-party cookie blocking
It's important to note that the desire to be able to write such tests isn't related to the default policy shipped in each browser. That is, while browsers may differ in what policies they apply to various browsing contexts, it would be nice to be able to converge on cross-engine behaviours for cases when a given browsing context has its storage and communication capabilities restricted based on some policy decision through the browser defaults or user configuration.
My strawman proposal here would be adding a list of restricted origins to each session, and then adding a few new endpoints in order to add to, remove from, and query that list.
With that, we would be able to create testdriver JS APIs which would allow us to write web-platform tests that for example add a wpt origin to this list, then test how the behaviour of loading an iframe from that origin changes, and then remove the origin from the list.
Feedback appreciated! (Please note that this is the first time I'm proposing something to webdriver, so I may be completely off base...)