Request to `subdomain.example.org` sent from `example.org` is considered third party. All the ad blockers out there use another definition of `third-party`, requests to subdomains are considered first-party.
We should probably use a definition of third-party that is in terms of in terms of "site" rather than "origin", as in the definitions of "first party" and "third party" in the WebKit Tracking Prevention policy: https://webkit.org/tracking-prevention-policy/ While this does not match the same-origin policy sense, it does match cookies and the way our http cache partitioning works.
<rdar://problem/59584586>
Yeah, the first-party definition you use in ITP makes perfect sense.
This might be a compatibility break, so I wonder if we need to add a new version of third-party with a different name. ('third-party-site' maybe? and legacy version aliased to third-party-origin?)
In my opinion, this change won't cause any troubles. On the contrary, it might fix a few things. The thing is that most of the content blockers for Safari are actually "converted" from existing filter lists like EasyList, AdGuard filters, etc, and all these filter lists expect the requested behavior of "third-party".