From 4a2eba7e8644851c2b547a6f0d9915243563acc1 Mon Sep 17 00:00:00 2001 From: Qing An Date: Mon, 29 Aug 2022 17:24:17 +0800 Subject: [PATCH] Merge use case #24 Merge use case #24 --- index.html | 44 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/index.html b/index.html index d682597..61504f7 100644 --- a/index.html +++ b/index.html @@ -393,9 +393,51 @@

Control API permissions

Non-webview Browsers have implement this using internal APIs. + + +
+

Manage web storage and cookies

+
+
Submitter(s)
+
+ Maxim Tsoy, Duck Duck Go +
+ +
Motivation
+
+ Apps loading 3rd-party web content in WebViews may need more granular control over stored data. For example, DuckDuckGo browsers need this for the Fireproof feature, which allows to make exceptions to the cookie/storage removal. +
+ +
Stakeholders
+
+
    +
  • Browsers based on WebView
    • +
  • WebView vendors
    • +
+
+ +
Analysis
+
+
    +
  • Webkit provides APIs to retrieve cookies and local/sessionStorage as opaque tokens that can be filtered by hostname. This allows selective removal, although it requires some extra code and workarounds to prevent timing issues (removal is asynchronous).
    • +
  • In Webkit, storage is shared between all WKWebView instances, unless it's "non persistent" (in memory), which is not ideal for building web browsers.
    • +
  • In Android WebView, it is not possible to inspect cookie scopes. You can retrieve cookie names and values, but without knowing other attributes it is impossible to override them properly.
    • +
  • Android WebView does not provide APIs to manage localStorage/sessionStorage.
    • +
+
+ +
Related W3C deliverables and/or work items
+
+ N/A +
+ +
How is the issue solved in the Browser, and what’s more is needed?
+
+ Browsers manage storage using APIs of a specific rendering engine. +
+
-