← Back to release summary

Document's "first-party" takes ancestors into account.

Category

Security

Type

New or changed feature

Status

Enabled by default (Chrome 45)

Intent stage

None

Summary

I'd like to make a small change to the definition of "first-party" that we use for third-party cookie blocking: we currently look only at the top-level origin to determine the first-party origin for a request. I'd like to start walking the whole ancestor chain of a frame.

Standards & signals

• Specification: https://tools.ietf.org/html/draft-west-first-party-cookies
• Firefox: Shipped/Shipping
• Safari: No signal
• Web developers: Positive
• Tracking bug: https://crbug.com/477578

View on chromestatus.com