Open lcrespilho opened 2 months ago
Hello @lcrespilho
Thanks for bringing this to our attention! You’re correct, PSAT’s JavaScript cookie detection (specifically the document.cookie
) is currently limited to the main website frame and doesn’t extend to sub frames (iframes).
We recognize this as a bug and are actively working on a fix. The solution will be included in an upcoming version, so stay tuned!
Describe the bug Javascript cookies (those set with document.cookie) set in cross-site iframes are not being detected by PSAT. They are considered by the browser, though.
To Reproduce Steps to reproduce the behavior:
Obs: I have set up a similar test lab here: https://louren.co.in/PSAT/issue645/topframe.html
Expected behavior The cross-site iframe tries to create a third-party cookie without the
Partitioned
attribute and can't because chrome-3pcd-ps has 3pc disabled. This is the expected behavior and even the DevTools console logs the try in the issues tab. The problem is that the try should be detected/logged by PSAT, but it doesn't.Screenshots Screenshot 1: DevTools issues panel evidencing that there was a failed attempt to create the 3PC without![Screenshot 2024-04-25 at 12 55 56](https://github.com/GoogleChromeLabs/ps-analysis-tool/assets/5513980/a15a65fb-a135-4e98-88a3-7a97576c4075)
Partitioned
attribute:Screenshot 2: PSAT didn't detect the failed attempt to create the cookie:![Screenshot 2024-04-25 at 12 58 35](https://github.com/GoogleChromeLabs/ps-analysis-tool/assets/5513980/8ab43daf-dff3-4851-bf1f-b8978ad3e30e)
Desktop (please complete the following information):
Additional context PSAT System Information:
Open Tabs: 1 Active Extensions: Google Docs Offline: ghbmnnjooekpmoecnnnilnnbdlolhkhi Privacy Sandbox Analysis Tool: ikodlagpencphdljdpelmcajjlloiomb Chrome Version: Version 124.0.0.0 (arm64) PSAT Version: 0.7.0 OS - System Architecture: MacOS (arm64)