GoogleChrome / related-website-sets

Apache License 2.0

unable to set cookies after calling requestStorageAccess #494

Closed rdelhommer-ultima closed 3 months ago

rdelhommer-ultima commented 3 months ago

Hi!

I'm seeing an odd issue with requestStorageAccess where I am able to set data to localStorage but not to cookies.

I have an application that passes information to other applications that live on other domains. Currently, I'm doing this with the following procedure within my document embedded within the iframe of the parent document:

  1. check storage access: await document.hasStorageAccess()
  2. check permissions: await navigator.permissions.query({name: 'storage-access'})
  3. execute await document.requestStorageAccess(), either behind a user gesture or immediately, depending on the return values of 1 and 2.

In my particular scenario, document.hasStorageAccess returned true and navigator.permissions.query returned prompt. When I subsequently invoked document.requestStorageAccess, no errors were thrown, but when I tried to set a cookie on the document (document.cookie = ...), the cookie was not set.

As a test, I provided { localStorage: true } to the requestStorageAccess invocation and was able to set data to the target domain via the returned StorageAccessHandle object but cookies were still not set.

Thank you!

rdelhommer-ultima commented 3 months ago

Little update... I am able to successfully request storage access and set cookies with my code in Firefox v128.0.3

My current version of Chrome is: 127.0.6533.89

cfredric commented 3 months ago

Hi -

> In my particular scenario, document.hasStorageAccess returned true

This should be sufficient to know that access to cookies is allowed, so I think the issue lies in how you are setting the cookie.

> Little update... I am able to successfully request storage access and set cookies with my code in Firefox v128.0.3

This is helpful context - this suggests to me that maybe you aren't setting SameSite=None explicitly in the cookie when you set it? Firefox's default SameSite value is None, while Chrome's default is Lax (which isn't a third-party cookie). Reference: https://caniuse.com/mdn-http_headers_set-cookie_samesite_lax_default.

Please try setting SameSite=None explicitly and see if that helps. You can also use Chrome DevTools to see why a cookie was blocked/not set.

rdelhommer-ultima commented 3 months ago

Thanks for getting back to me! This is what my code looks like for setting the cookie. Does not work unfortunately

document.cookie = `token=${token}; Same-Site=None; Secure`

cfredric commented 3 months ago

> ; Same-Site=None;

The attribute is spelled SameSite, not Same-Site (reference). This explains why you're getting each browser's default value.

rdelhommer-ultima commented 3 months ago

wow omg. well thank you so much! surprised that worked in Firefox! It is working now

cfredric commented 3 months ago

> surprised that worked in Firefox!

Firefox's default SameSite value is None, so Firefox defaulted to treating the cookie as third-party. That's the behavior you were trying to explicitly specify anyway, so all was fine.

Chrome's default SameSite value is Lax, so Chrome defaulted to treating the cookie as first-party-only. Since your code was trying to set a first-party cookie in a third-party context, Chrome blocked it.

> It is working now

Great!
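
The behaviour resolved in this thread, as an added Node.js example (not code from the thread or from any browser): a simplified model of cookie attribute parsing in which an unrecognized attribute name such as Same-Site is ignored, so the browser's default SameSite value applies. The function names and the token value are assumptions made for illustration; the per-browser defaults are the ones stated in the thread.

```javascript
// Simplified model: attribute names the parser does not recognize are ignored, not rejected.
const KNOWN = new Set(['expires', 'max-age', 'domain', 'path', 'secure', 'httponly', 'samesite']);
// Defaults as stated in the thread (Chrome: Lax, Firefox: None).
const BROWSER_DEFAULT = { chrome: 'Lax', firefox: 'None' };

function parseCookie(str) {
  const [pair, ...rest] = str.split(';');
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, Math.max(eq, 0)).trim(),
                   value: pair.slice(eq + 1).trim(), attrs: {}, ignored: [] };
  for (const part of rest) {
    const piece = part.trim();
    if (!piece) continue;
    const i = piece.indexOf('=');
    const rawName = i === -1 ? piece : piece.slice(0, i).trim();
    const val = i === -1 ? '' : piece.slice(i + 1).trim();
    const key = rawName.toLowerCase();            // attribute names are case-insensitive
    if (KNOWN.has(key)) cookie.attrs[key] = val;
    else cookie.ignored.push(rawName);            // e.g. "Same-Site"
  }
  return cookie;
}

// SameSite value the given browser ends up applying to this cookie string.
function effectiveSameSite(str, browser) {
  const explicit = (parseCookie(str).attrs.samesite || '').toLowerCase();
  const valid = { strict: 'Strict', lax: 'Lax', none: 'None' };
  return valid[explicit] || BROWSER_DEFAULT[browser];
}

// Warnings for ignored attributes (with a near-miss hint) and SameSite=None without Secure.
function lint(str) {
  const c = parseCookie(str);
  const warnings = [];
  for (const name of c.ignored) {
    const squashed = name.toLowerCase().replace(/[^a-z]/g, '');
    const hint = [...KNOWN].find(k => k.replace(/-/g, '') === squashed);
    warnings.push(hint ? `"${name}" is ignored; did you mean "${hint}"?` : `"${name}" is ignored`);
  }
  if ((c.attrs.samesite || '').toLowerCase() === 'none' && !('secure' in c.attrs))
    warnings.push('SameSite=None requires Secure'); // Chrome rejects such cookies
  return warnings;
}

// Constructed inputs: the string from the thread (token value made up) and its fix.
const broken = 'token=abc123; Same-Site=None; Secure';
const fixed = 'token=abc123; SameSite=None; Secure';
for (const b of ['chrome', 'firefox'])
  console.log(b, effectiveSameSite(broken, b), effectiveSameSite(fixed, b), lint(broken));
```

Only a cookie whose effective value is None is sent in the third-party (embedded iframe) context described in the thread, which is why the misspelled attribute failed in Chrome and not in Firefox.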