[Webkit-unassigned] [Bug 196592] Cookies not sent with third party requests via XHR or iFrame
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Jan 26 10:51:44 PST 2020
https://bugs.webkit.org/show_bug.cgi?id=196592
--- Comment #8 from Sam Potts <sam at potts.es> ---
I understand the need to prevent unwanted tracking but it also doesn't provide a way for _legitimate_ access to third party cookies for applications like ours (see first comment).
I have seen the prompt with copy along the lines of "x.com would like to access y.com cookies". It would be nice if there was a way to trigger access via this prompt without the need for an initial user gesture so at least they could elect out of it at the prompt. It's the requirement for an initial user gesture that makes it difficult. We'd have to iframe something from the third party over the whole page like a modal or dialog. Currently there's no easy around it other than "avoid Safari" for now.
How does the Storage Access API work with XHR requests if there's no <iframe> to interact with? I'm not referring to XHR within the iframe but an XHR on the parent page that makes requests to a third party.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200126/906acf08/attachment-0001.htm>
More information about the webkit-unassigned
mailing list