Use of deprecated APIs to read cookies

[ghengeveld]

From AP-4226

How is the user affected? And what is the expected behavior?

When using the VTA addon, I get the following warnings in Chrome 121:

Full information can be found here:

https://developers.google.com/privacy-sandbox/3pcd

According to Chrome:

Browsers are well under way in phasing out unpartitioned third-party cookies, so CHIPS, the Storage Access API, and Related Website Sets) will be the only way to read and write cookies from cross-site contexts, such as iframes, when third-party cookies are blocked.

Therefore, Chromatic should either add a new mechanism for Chrome/Edge which uses CHIPS for a more private-based solution (while keeping the old way for Safari/Firefox given they don't support CHIPS yet), or try and apply for a "third party deprecation trial", which won't solve the issue but will give more time to fix it.

How many and/or what class of users does this impact?

Anyone using Chromium based browsers on their latest versions. For now it's a warning, but in Q3 2024 it will error and Chromatic might not be able to handle auth via the addon:

Subject to addressing any remaining competition concerns of the UK's Competition and Markets Authority, Chrome will ramp up third-party cookie restrictions to 100% of users from Q3 2024

Is there a workaround?

Ideally we should change the way we read cookies. Only workaround would be to apply for the deprecation trial period

What are the steps for reproducing the issue?

Run Storybook with the VTA addon on Chrome 121, open dev tools and see the warnings in the "issues" tab.

[ghengeveld]

I enabled testing mode for third-party cookie phaseout in Chrome, and the VTA appears to be working just fine. I'm not getting any cookie-related errors or issues in DevTools. The two failed network requests are also unrelated (they yield a 500 error regardless of cookies).

Closing this issue since we seem to be in the clear.