[Feature]: Enable storage partitioning and consider expanding storage state API to support storage keys #38455
Description
🚀 Feature Request
Storage partitioning is now enabled by default in all major browsers (ex) but seems to be disabled for browsers by playwright:
- Chrome: the
ThirdPartyStoragePartitioningfeature flag is disabled - Firefox:
network.cookie.cookieBehavioris not set to 5 - Webkit: referenced here
For Firefox this was previously tracked by #31275 but ultimately closed.
For Chromium, we are planning to remove the ThirdPartyStoragePartitioning feature flag, so there will not be a way to opt out of storage partitioning. That is tracked by https://crbug.com/410491202
Partitioning seems to have been disabled due to #32230. The issue from that bug is that with the following code, when third-party storage partitioning is enabled, the localStorage is not set in the third-party iframe:
const context = await browser.newContext({
storageState: {
cookies: [],
origins: [{ origin: 'https://clausa.app.carto.com', localStorage: [{ name: 'hello', value: 'world' }]}]
}
})
Given that the storageState dictionary only has keys corresponding to origins, with storage partitioning enabled it makes sense that the storage partition chosen to write this data into is the first-party context corresponding to that origin (from the code in the example above, the first-party storage partition would be top-level site: https://carto.com, origin: https://clausa.app.carto.com, has-cross-site-ancestor: false). It's WAI that that local storage data would not be accessible from a third-party context when storage partitioning is enabled, since the top-level site and has-cross-site-ancestor fields of the storage key would be different.
If there was enough interest in setting state in specific third-party contexts, storageState could be extended so that storage keys can be specified in addition to just origins. I'm not sure how playwright sets state under the hood, but this should at least be possible for Chrome. What fields make up a storage key is slightly different across browsers today, but a standard format has been proposed and has consensus IIUC: whatwg/storage#182
Example
No response
Motivation
Testing what browsers are actually shipping would be beneficial to playwright users.
Also, once the ThirdPartyStoragePartitioning feature flag is removed, storage partitioning will be enabled for Chrome in playwright but not for other browsers. It'd be better if the feature was enabled proactively across all of the browsers together.