[Webkit-unassigned] [Bug 233330] ITP treating TLD+1 and TLD+2 matched domains as cross-site trackers.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 19 08:17:50 PST 2021


--- Comment #3 from John Wilander <wilander at apple.com> ---
(In reply to Lakshman from comment #2)
> Hi John, Thanks for the response. Below are the examples of the URLs:
> patientportal.patientportal.example.com accessing patientportal.example.com
> failed
> patientportal.differentpath.example.com accessing differentpath.example.com
> failed sometimes and worked sometimes.

Have you tested with those exact URLs, i.e. with *.example.com, or are you using example.com as a placeholder for the real domain that goes there? I'm asking because of the Public Suffix List (https://publicsuffix.org/list/public_suffix_list.dat) and the possibility that what you have in place of example.com is on that list.

Also, can you share these details on the cookies that are being blocked:
1. How are you accessing the cookies – in HTTP requests or through document.cookie?
2. Are all cookies or just some cookies being blocked at any one time?
3. How are the cookies configured? I'm thinking of attributes such as secure, domain, path, and SameSite.
4. Are there any redirects involved when you load the resources where cookies are blocked? I'm especially interested in any redirects to different registrable domains.


You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211119/28851353/attachment.htm>

More information about the webkit-unassigned mailing list