AxeWP / wp-graphql-headless-login

A WordPress plugin that provides Headless login and authentication for WPGraphQL, supporting traditional passwords, OAuth2/OpenID Connect, JWT, and more.
GNU General Public License v3.0

Cookie “wordpress_logged_in_...” will soon be rejected because it is foreign and does not have the “Partitioned“ attribute #139

Closed plastichotsprings closed 1 month ago

plastichotsprings commented 1 month ago

Description

Hi! I'm attempting to log in with the plugin but I'm getting a series of cookie warnings related to the Partitioned attribute.

I can't find anything online related to the Partitioned attribute or how to set it. Simple queries of WordPress data from the frontend work fine.

I also appear to be getting the SameSite cookie warnings (missing "secure" attribute), and these are persisting even though I have installed the Samesite Cookie Manager plugin as a workaround as suggested in #129.

Steps to reproduce

  1. Install packages and plugins
  2. Configure plugin like so, authorizing localhost domain:

image

  3. Set "SameSite" attribute to "None" using Samesite Cookie Manager plugin.

  4. Write this mutation logic in my login form and call mutation onSubmit:

const LOG_IN_MUTATION = gql`
mutation loginWithPassword(
  $username: String!,
  $password: String!,
) {
  login(
    input: {
      provider: PASSWORD, # This tells the mutation to use the WordPress username/password authentication method.
      credentials: {      # This is the input required for the PASSWORD provider.
        username: $username,
        password: $password,
      }
    }
  ) {
    authToken
    authTokenExpiration
    refreshToken
    refreshTokenExpiration
    user {
      username
    }
  }
}
`;

I receive a cookie confirming that my login appeared to be successful, but the cookie seems to be rejected by the browser due to missing certain flags. Running this mutation in my GraphQL IDE works fine; it's just when calling it from my Nuxt frontend.

Additional context

image

Plugin Version

0.3.1

WordPress Version

6.6.2

WPGraphQL Version

1.28.1

Additional environmental details

Frontend: Nuxt @ 3.12.4, nuxtjs/apollo@5.0.0-alpha.14

Please confirm that you have searched existing issues in the repo.

Please confirm that you have disabled ALL plugins except for WPGraphQL and Headless Login for WPGraphQL

plastichotsprings commented 1 month ago

I think I figured out that it was a browser issue. I set Firefox tracking protection to make an exception for localhost, and the Partitioned warnings disappeared. Closing!

justlevine commented 1 month ago

Surprised I haven't run into this sooner, thanks so much for sharing @plastichotsprings (both the issue and the solve) 🙌🙌🙌
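The warnings reported in this issue depend on the attributes of the login cookie's Set-Cookie header: browsers reject `SameSite=None` without `Secure`, `Partitioned` also requires `Secure`, and a cross-site cookie without `Partitioned` draws the warning in the issue title. The following is an added example, not part of the thread or the plugin's code, that audits a header for those conditions; the function names, finding codes and sample headers (including the `wordpress_logged_in_EXAMPLE` placeholder name) are constructed for illustration.

```javascript
// Added example: audit a Set-Cookie header for use from a cross-site frontend.
// Finding codes and sample headers are constructed, not taken from the plugin.
function parseSetCookie(header) {
  const [pair = '', ...rest] = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf('=');
    // Attribute names are case-insensitive; flag attributes carry no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: eq === -1 ? '' : pair.slice(0, eq), attrs };
}

function auditCrossSiteCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : null;
  const secure = attrs.secure === true;
  const partitioned = attrs.partitioned === true;
  const findings = [];

  // SameSite=None is only accepted together with Secure.
  if (sameSite === 'none' && !secure) findings.push('samesite-none-without-secure');
  // Partitioned cookies must also be Secure.
  if (partitioned && !secure) findings.push('partitioned-without-secure');
  // Lax/Strict cookies are not attached to cross-site fetch/XHR requests.
  if (sameSite === 'lax' || sameSite === 'strict') findings.push('not-sent-on-cross-site-requests');
  // No SameSite attribute: behaviour depends on the browser's default.
  if (sameSite === null) findings.push('samesite-missing-browser-default-applies');
  // Accepted today, but unpartitioned: the case the issue title's warning describes.
  if (sameSite === 'none' && secure && !partitioned) findings.push('third-party-cookie-not-partitioned');
  return { name, findings };
}

// Constructed sample headers for a login cookie set by a backend on another site.
const samples = [
  'wordpress_logged_in_EXAMPLE=value; path=/; HttpOnly; SameSite=None',
  'wordpress_logged_in_EXAMPLE=value; path=/; Secure; HttpOnly; SameSite=None',
  'wordpress_logged_in_EXAMPLE=value; path=/; Secure; HttpOnly; SameSite=None; Partitioned',
];
for (const h of samples) console.log(auditCrossSiteCookie(h));
```

Feeding it the `Set-Cookie` values copied from the browser's network panel for the login response shows which attribute the backend is not sending.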