search

mojolicious / mojo

:sparkles: Mojolicious - Perl real-time web framework
https://mojolicious.org
Artistic License 2.0
2.66k stars 575 forks source link

Feature request: Support session cookies with "Partitioned" #2179

Open nchaigne opened 1 month ago

nchaigne commented 1 month ago

Third-party cookies will "soon" be phased out. As seen in Firefox console for example:

Cookie "mojolicious" will soon be rejected because it is foreign and does not have the "Partitioned" attribute.

I would like Mojolicious to support "Partitioned" session cookies, so we can keep using session cookies with CORS.

Thank you for considering this.

kraih commented 1 month ago

Without a spec this seems unlikely to happen.

nchaigne commented 1 month ago

What do you mean ? Do I need to specify how to do this ? or do we need an official spec from Mozilla / Google ?

Skeeve commented 1 week ago

Without a spec this seems unlikely to happen.

Here are the specs: https://developer.mozilla.org/en-US/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies

@nchaigne e this is what I did:

                my $partitioned = $app->sessions->cookie_path;
                $partitioned =~ s/(?:; Partitioned)*$/; Partitioned/;
                $app->sessions->cookie_path($partitioned);

As the path parameter of cookie_path is not checked, it works.

Maybe this would be better?

                my $partitioned = $app->sessions->cookie_path;
                if (not $partitioned =~/; Partitioned(;|$)/) {
                    $app->sessions->cookie_path($partitioned . '; Partitioned');
                }