KittyCAD / modeling-app

The KittyCAD modeling app.
https://kittycad.io/modeling-app/download
MIT License

third-party cookies in chrome are used in the login flow (localhost only) #263

Open paultag opened 1 year ago

paultag commented 1 year ago

Third-party cookies are used in the KCMA login flow, which will break when Google finishes its project to block Third-Party Cookies in Chrome.

I added a note in the README in PR#262, but @franknoirot pointed out this is worth tracking as a bug for if/when we support a browser-only version of the app that the auth flow will need unified with the Tauri one to be entirely token-based.

jessfraz commented 1 year ago

wait is it third-party because it was a Vercel domain? or when it's a kittycad domain is it still third-party because I thought in prod we made it a wildcard so it should be kosher then, it's what we do for graphs.corp.kittycad.io as well

jessfraz commented 1 year ago

yeah it should be fine in prod https://github.com/KittyCAD/api-deux/blob/ec87501b15b738eb4c1bba77738ac2421ffb0cab/src/server/context.rs#L463 so wouldn't be an issue in the future, it would still just be an issue for dev, we could I guess wildcard dev like ".dev.kittycad.io" I think that would work for app.dev.kittycad.io but not the Vercel addrs

paultag commented 1 year ago

Yeah this only impacts running it on localhost or something that isn't the real domains, I don't think this is a huge deal and ought to only impact people building the site itself I think
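
Added example, not part of the thread or the project's code: the two checks the discussion turns on, written out in JavaScript. `domainMatch` is the RFC 6265 rule that decides which hosts a cookie with a given `Domain` attribute is scoped to, and `site` compares registrable domains, which is what makes a cookie third-party. Assumptions: `api.dev.kittycad.io` and `preview-abc.vercel.app` are constructed hostnames, the suffix set is a tiny stand-in for the Public Suffix List, and scheme is ignored.

```javascript
// Tiny constructed stand-in for the Public Suffix List (browsers use the full list).
const SUFFIXES = new Set(["io", "app", "vercel.app"]);

// Registrable domain ("site") of a host: longest matching public suffix plus one label.
function site(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      // The host is itself a public suffix: it has no registrable domain.
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return host.toLowerCase(); // e.g. "localhost": the host is its own site
}

// RFC 6265 section 5.1.3 domain-match; a leading dot on the attribute is ignored.
function domainMatch(host, cookieDomain) {
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// For a page on pageHost calling requestHost with a cookie scoped to cookieDomain:
//   attached   - the cookie's Domain covers the request host
//   thirdParty - the request is cross-site relative to the top-level page
function classify(pageHost, requestHost, cookieDomain) {
  return {
    attached: domainMatch(requestHost, cookieDomain),
    thirdParty: site(pageHost) !== site(requestHost),
  };
}

// Constructed scenarios: same API host and cookie scope, three different page hosts.
const API = "api.dev.kittycad.io";      // assumed name for the dev API host
const SCOPE = ".dev.kittycad.io";       // wildcard suggested in the thread
for (const page of ["app.dev.kittycad.io", "localhost", "preview-abc.vercel.app"]) {
  console.log(page, classify(page, API, SCOPE));
}
```

Only the first page host shares a site with the API, so it is the only one where the cookie stays first-party; widening the `Domain` attribute changes which hosts the cookie covers, not which pages count as same-site.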