Images do not display when site is private and has a custom domain when cross site cookies are blocked

[Nic-Sevic]

Steps to reproduce the behavior

1. Set site as private
2. Open Safari
3. block cross site cookies in preferences > privacy
4. See error

What I expected to happen

since rest of site loads, images should load as well

What actually happened

no images load for some reason works fine in Chrome and Firefox

Context

4012360-zen

Browser / OS version

safari

Is this specific to the applied theme? Which one?

no

Does this happen on simple or atomic sites or both?

for sure simple, not sure about AT

Is there any console output or error text?

Failed to load resource: the server responded with a status of 403 ()

Level of impact (Does it block purchases? Does it affect more than just one site?)

presumably all private sites using safari

Reproducibility (Consistent, Intermittent) Leave empty for consistent.

consistent

Screenshot / Video: If applicable, add screenshots to help explain your problem.

without cookies blocked:

with cookies blocked:

[kosiew]

Hi @Nic-Sevic ,

Can you provide more details to reproduce this?

I could not reproduce it with these conditions:

1. simple site
2. prevent cross site trackin
3. site set to private

if image does not load, please click on this link : https://d.pr/i/53Nddr

[rezzap]

Triaging this issue and replicated this only on a site with a mapped custom domain which would indicate the 3rd party cookies is definitely related

There's a very similar issue reported on mobile that seems related to this in https://github.com/wordpress-mobile/WordPress-iOS/issues/15596

I can get the images to be kept in place if I set the site to be public temporarily and then move back to private and refresh the page.

I'll keep this issue open since the issue is for the web and not the app.

[MaxPhilip]

Two more tickets with the same issue. While sites are private no images are loading in Safari (tested on Mac, iPhone and iPad), same 403 error shown in browser console. As soon as site is published the images are loading fine. When disabling the "block cross site tracking" option all images are loading fine on private sites.

4026397-zen 4034674-zen

Both sites are using custom domains registered with WP.com.

[chad1008]

I'm actually able to reproduce this in Chrome now as well. Reported in 23817087-hc.

Same symptoms, no images, 403s in the console.

Changing the primary domain resolves it, at least temporarily.

Works fine in Firefox, so I'm wondering if there's something new in Chrome?

My Chrome version: 91.0.4472.101 (Official Build) (x86_64)

Relates slack convos:

• p1623698215168200-slack-C01V2160U15
• p1623697515422000-slack-C03TY6J1A

[gwensmithx]

I have another to add here:

30317279-hc 4101765-zen

Using Chrome with custom domain as primary, we set the site (AT) to private and image links on most products were broken. Also visiting the site in incognito mode still showed the page still but with the broken images. When site is public all images are working fine. Also switching to the wpcomstaging domain when site is private will show the private site message in incognito mode as expected but the images are still broken if logged in.

Chrome V: Version 91.0.4472.114 (Official Build) (x86_64)

[dcoleonline]

28559420-hc

This failed for the customer on an iPhone 12 in Safari and Firefox. We set the site to Coming Soon and then back to Private and it ended up working for them. I didn't end up getting the iOS version info as wasn't aware of this report until after the chat ended. For now at least, they seem to be all set.

[tanjoymor]

28559420-hc

This failed for the customer on an iPhone 12 in Safari and Firefox. We set the site to Coming Soon and then back to Private and it ended up working for them. I didn't end up getting the iOS version info as wasn't aware of this report until after the chat ended. For now at least, they seem to be all set.

This customer returned #30658931-hc saying that the problem returned and I advised about disabling Safari ITP for now. They have specifically asked for a follow up once this has been fixed. Noting here for cross-reference.

[cuemarie]

4194815-zd-woothemes Safari 14.1 on macOS Custom domain registered with WP.Com

The workaround that I have now got is as follows:

1. In Private mode, on a page where the images are missing, make a change (even just adding a space somewhere). Update. View Page - still missing.
2. Change to Coming Soon - refresh page - can see images
3. Change back to Private - refresh page - images are still there!

I have asked the user to try enabling cross-site cookies in Safari and switching their primary domain as potential workarounds.

[zachspears]

31104768-hc I had this user return in chat and ask about the status of this bug report. They would like to use their custom domain with their site again. They have specifically asked for a follow-up once this has been fixed.

[hideandgeek404]

4312501-zd-woothemes

Simple site Custom domain as primary No images - 403 error

It looks like this is another case and I also did spot another the other day but didn't realise this was an existing issue. If I can find it then I will add it here.

[hideandgeek404]

4327740-zd-woothemes

Simple site Custom domain as primary No images - 403 error

Here is another reported instance of images not loading on a simple site when the custom domain is set as primary.

[rachelwinspear]

4399933-zen

Simple site Custom domain as primary No images - 403 error

Switching to default domain resolves the issue. Please update user when resolved.

[metabreakr]

32953245-hc

[daria2303]

4713402-zd-woothemes

[zdenys]

4736381-zd-woothemes

[zdenys]

4747684-zd-woothemes

[zdenys]

4774971-zd-woothemes

[zdenys]

4785282-zd-woothemes

[zdenys]

4829352-zd-woothemes

[zdenys]

4932291-zd-woothemes

[zdenys]

4935151-zd-woothemes

[MaxPhilip]

4966920-zd

[MaxPhilip]

5177276-zd

[bluefuton]

Updated the description because this happens in multiple browsers.

This is a good candidate for a priority upgrade I think, because the private site experience feels really broken with images failing to load at all. The available workaround (switch to a *.wordpress.com as your primary domain) is not a great one.

[mzitinfo]

I've come across a report of this happening in both Firefox and Safari, in zen-5340660.

Update: This user confirmed that the workaround of first publishing the site, and then setting it back to private, solved the issue. (The images are displayed, even though the site is set back to private)

[MaxPhilip]

Another report: 5361297-zd

[mzitinfo]

Another one in 5368345-zd

[carinapilar]

Another one in 5418687-zd-woothemes

[github-actions[bot]]

Support References

This comment is automatically generated. Please do not edit it.

• [ ] 4012360-zen
• [ ] 4026397-zen
• [ ] 4034674-zen
• [ ] 4101765-zen
• [ ] 4194815-zen
• [ ] 4312501-zen
• [ ] 4327740-zen
• [ ] 4399933-zen
• [ ] 4713402-zen
• [ ] 4736381-zen
• [ ] 4747684-zen
• [ ] 4774971-zen
• [ ] 4785282-zen
• [ ] 4829352-zen
• [ ] 4932291-zen
• [ ] 4935151-zen
• [ ] 4966920-zen
• [ ] 5177276-zen
• [ ] 5361297-zen
• [ ] 5368345-zen
• [ ] 5418687-zen
• [ ] https://wordpress.com/forums/topic/issue-with-people-seeing-content
• [ ] 5505589-zen
• [ ] 5628876-zen
• [ ] 5803233-zen
• [ ] 5812929-zen
• [ ] 5830175-zen
• [ ] 6208115-zen
• [ ] pMz3w-fNu-p2#comment-102184
• [ ] 5829540-zen
• [ ] 5854805-zen
• [ ] 6309367-zen
• [ ] 6329078-zen
• [ ] 6338930-zen
• [ ] 6473305-zen
• [ ] 6767570-zen
• [ ] 7109476-zen
• [ ] 7188567-zen
• [ ] 7351073-zen
• [ ] 7488532-zen
• [ ] 7518457-zen
• [ ] 7640680-zen
• [ ] 7689312-zen
• [ ] pMz3w-fNu-p2#comment-115221
• [ ] 7815770-zen
• [ ] 7875276-zen
• [ ] 7898878-zen
• [ ] 7891706-zen
• [ ] 8060994-zen