[Webkit-unassigned] [Bug 217670] Safari blocking third party iframe cookies
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 15 07:37:15 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=217670
--- Comment #2 from Amol Patel <amol at cedar.com> ---
Thanks for getting back John. So just to clarify, our use case will probably not work correct? By that I mean allowing an iframe to set cookies without user interaction? There is no way to get around the user interaction requirement even if we prompt the user to give us access?
I also wanted to bring up something we found during testing. Described below:
We created a parent page that contained an iframe with a different domain. We had JS on the iframed child page that would attempt to set a cookie on the document. It was being blocked as expected. We introduced storage access which then prompted the user to accept/deny. We clicked deny. We cleared all cookies/browser history, and started from scratch. We attempted to visit the parent page again and every request for storage access was immediately blocked until we visited the child page in a first party context. Is that expected? It seems like it might be a poor user experience especially if the user accidentally clicked deny.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201015/468660c1/attachment-0001.htm>
More information about the webkit-unassigned
mailing list