Change Details

Set up two websites on different registrable domains, and test what cross-domain cookie mechanics are enabled by RWS. The things we want to check: * Can you read/write third-party cookies on the server side without user interaction (in a cross-domain AJAX request or invisible pixel)? * Can you read/write third-party cookies on the client side without user interaction? Can this be made 100% unobtrusive to the user? (Presumably that would require an invisible iframe.) Can the parent web page react to the process finishing? (Esp. in the scenario when something goes wrong - is there something similar to a failure handler in an AJAX request, or something that can be done with a timer?) There are two possible approaches (`requestStorageAccess`, which is cross-browser and could be used to build a workflow that works on non-RWS-supporting browsers by falling back to a permission prompt; and `requestStorageAccessFor` which is more powerful and probably the only way to use AJAX requests, but Chrome-only), we should check both. Note that there are three ways to register a domain in RWS (primary, associated, service), with some notable [[https://github.com/GoogleChrome/related-website-sets/blob/main/RWS-Submission_Guidelines.md#browser-behavior|differences]] in behavior. For background on the Related Website Sets spec (previously called First-Party Sets), see {T345589}. See [[https://developers.google.com/privacy-sandbox/3pcd/related-website-sets-integration#how_to_test_locally|Chrome docs]] on how to set custom RWS settings in a browser.

Set up two websites on different registrable domains, and test what cross-domain cookie mechanics are enabled by RWS. The things we want to check: * Can you read/write third-party cookies on the server side without user interaction (in a cross-domain AJAX request or invisible pixel)? * Can you read/write third-party cookies on the client side without user interaction? Can this be made 100% unobtrusive to the user? (Presumably that would require an invisible iframe.) Can the parent web page react to the process finishing? (Esp. in the scenario when something goes wrong - is there something similar to a failure handler in an AJAX request, or something that can be done with a timer?) There are two possible approaches (`requestStorageAccess`, which is cross-browser and could be used to build a workflow that works on non-RWS-supporting browsers by falling back to a permission prompt; and `requestStorageAccessFor` which is more powerful and probably the only way to use AJAX requests, but Chrome-only), we should check both. Note that there are two ways to register a domain in RWS (primary/associated and service), with some notable [[https://github.com/GoogleChrome/related-website-sets/blob/main/RWS-Submission_Guidelines.md#browser-behavior|differences]] in behavior. For background on the Related Website Sets spec (previously called First-Party Sets), see {T345589}. See [[https://developers.google.com/privacy-sandbox/3pcd/related-website-sets-integration#how_to_test_locally|Chrome docs]] on how to set custom RWS settings in a browser.

Set up two websites on different registrable domains, and test what cross-domain cookie mechanics are enabled by RWS. The things we want to check: * Can you read/write third-party cookies on the server side without user interaction (in a cross-domain AJAX request or invisible pixel)? * Can you read/write third-party cookies on the client side without user interaction? Can this be made 100% unobtrusive to the user? (Presumably that would require an invisible iframe.) Can the parent web page react to the process finishing? (Esp. in the scenario when something goes wrong - is there something similar to a failure handler in an AJAX request, or something that can be done with a timer?) There are two possible approaches (`requestStorageAccess`, which is cross-browser and could be used to build a workflow that works on non-RWS-supporting browsers by falling back to a permission prompt; and `requestStorageAccessFor` which is more powerful and probably the only way to use AJAX requests, but Chrome-only), we should check both. Note that there are threetwo ways to register a domain in RWS (primary, /associated, and service), with some notable [[https://github.com/GoogleChrome/related-website-sets/blob/main/RWS-Submission_Guidelines.md#browser-behavior|differences]] in behavior. For background on the Related Website Sets spec (previously called First-Party Sets), see {T345589}. See [[https://developers.google.com/privacy-sandbox/3pcd/related-website-sets-integration#how_to_test_locally|Chrome docs]] on how to set custom RWS settings in a browser.