Cookies Having Independent Partitioned State (Chips)
10 months ago
- #privacy
- #cookies
- #web development
- CHIPS (Cookies Having Independent Partitioned State) allows developers to opt cookies into partitioned storage, preventing cross-site tracking while enabling legitimate third-party cookie uses.
- Partitioned cookies are double-keyed by the setting origin and the top-level page origin, restricting access to the context of the top-level site.
- CHIPS introduces a 'Partitioned' attribute for the Set-Cookie header, requiring cookies to be set with 'Secure' and optionally using the '__Host' prefix for domain binding.
- The mechanism uses two keys for storage: the host key and a partition key based on the top-level URL's scheme and eTLD+1, ensuring cookies are only accessible under matching partition keys.
- CHIPS supports legitimate uses like persisting state across subdomains (e.g., chat widgets) while blocking unauthorized cross-site tracking.
- It differs from Firefox's state partitioning by allowing opt-in to third-party cookies for non-tracking purposes.
- Compatibility and specifications are detailed, with references to further reading on the Privacy Sandbox.