[22:47:58] MatmaRex: do we have a list of links that /should/ point to SSO from an SSO page?
[22:48:23] The only hard requirement I can think of is the
[22:48:37] But I imagine you've got a few more that we've come across
[22:51:23] TIL about https://www.cookiestatus.com/ via BBC Eng Team https://mastodon.social/@tdp_org/113090188067807615
[22:51:45] Krinkle: tgr made this list: https://gerrit.wikimedia.org/g/mediawiki/extensions/CentralAuth/+/17bcb36c604309aa515f8bb93ad57a1cdb506de5/includes/Hooks/Handlers/SsoHookHandler.php#41 i'm not sure if it's complete
[22:51:51] Overview of empirical evidence of how different browsers approach cookie limitations
[22:53:33] MatmaRex: hmm that's for what's allowed to be on the domain, I assumed that's mainly about how you get into the SSO domain from elsewhere, not about what points there when you're already on it. Any overrides we have to make redirect or override links should work either way.
[22:53:41] Is that out of date? I was pretty sure that chrome partitioned third party cookies based on top level document
[22:55:04] Krinkle: yeah, i guess that's technically different. but i can't think of any reason to link to the central domain for anything that can be linked to the normal domain.
[22:55:25] err not sure if that sentence makes sense
[22:55:45] bawolff: third-party cookie partitioning is afaik another name for "third party cookie deprecation" where Chrome is the last hold out. They've said multiple times in recent years they'd do it, but haven't so far.
[22:56:11] most recently this vague announcement is more or less them saying they're postponing it indefinitely. https://privacysandbox.com/news/privacy-sandbox-update/
[22:57:33] https://developers.google.com/privacy-sandbox/cookies/storage-partitioning claims it was implemented in 115
[22:57:59] but i guess there is an opt out
[23:03:53] bawolff: hm.. that's about other types of storage, not cookies.
[23:04:31] but Google has been mixing signals for years. Trying all sorts of alternatives and gaslit initiatives only to back out after backlash
[23:04:47] Chrome does indeed partition http cache as well, as have all browsers for many years.
[23:04:56] This is, for example, why shared CDN cache doesn't work anymore.
[23:05:11] e.g. including jquery.js from code.jquery.com doesn't benefit foo.example after visiting bar.example
[23:06:09] since it can be used to effectively store tracking data. E.g. imagine not-a-real-cdn.example.org/generateId.js.php returning a different ID but with a long cache expiry. Including that script and having it set a variable (or ETag) is essentially the same as storing a cookie.
[23:06:40] So those kinds of things have been openly killed off by partitioning, but cookies still remain in a bunch of contexts.