search

GoogleChromeLabs / ps-analysis-tool

Privacy Sandbox Analysis Chrome Extension and CLI for analysis and understanding of cookie usage on web pages, and new privacy-preserving Chrome APIs
https://www.privacysandbox.com
Apache License 2.0
95 stars 22 forks source link

Farfetch.com: Discrepancy in _abck Cookie Domain Value Between PS-Analysis-Tool, Network Requests Tab and DevTools Application Cookies' Tab #138

Closed jlacher closed 10 months ago

jlacher commented 12 months ago

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behavior:

  1. Go to
  2. Go to the Privacy Sandbox tab on DevTools
  3. Open the Cookies section on left and select https://www.farfetch.com/
  4. Search for the _abck cookie and look for the domain value under the domain column
  5. Observe that the domain is farfetch.net
  6. Go to the network requests tab on DevTools
  7. Reload the page and search for farfetch.net
  8. Observe The Headers section of one of the requests
  9. Look for a Set-Cookie for '_abck' and observe it's domain is set for farfetch.net

Expected behavior The domain as it appears in the Application tab in the Chrome DevTools should be consistent with ps-analysis-tool and the network requests tab

Screenshots

On the ps-analysis-tool:

image

It can be observed that the domain for _abck is farfetch.net

On the network requests tab:

image

It can be observed that the domain for _abck is farfetch.net

On Chrome DevTools' Application tab:

image

It can be observed that the domain for _abck is farfetch.com

Desktop (please complete the following information):

Additional context Add any other context about the problem here.

gagan0123 commented 12 months ago

@jlacher

Thank you for reporting this issue.

We already know there are some discrepancies with the way this extension handles partitioned cookies.

Our team is currently exploring some low-level APIs to prevent this kind of mismatch in the data displayed by this extension and the Chrome DevTools. We're also examining a similar issue here: https://github.com/GoogleChromeLabs/ps-analysis-tool/issues/85

We will keep you informed of any progress made on this issue.

mohdsayed commented 12 months ago

@jlacher

This was happening because there were two requests trying to set cookies with the same name but different domains. When we looked closely, we found that the later request was overriding the previous cookie (see screencast)

https://github.com/GoogleChromeLabs/ps-analysis-tool/assets/6297436/e2c9ecb0-6949-4b97-a522-037c62ecf2b6

Therefore, we should avoid the override and list both the cookies. It was implemented and fixed in https://github.com/GoogleChromeLabs/ps-analysis-tool/pull/140 and should be available in the next release. I noticed that the default developer tool also shows both cookies occasionally.

image

jlacher commented 12 months ago

Thank you for the quick response. I would appreciate being kept updated on this issue.

mohdsayed commented 11 months ago

Thank you for the quick response. I would appreciate being kept updated on this issue.

@jlacher The fix is now available as part of version 0.3.0, which we have just released.