How will third-party cookie deprecation work for Chrome extensions?

Hey Sebastian, thank you for your feedback and question!

For (1), as far as I am aware, there are no plans to have 3P cookie deprecation impact how background contexts in extensions interact with cookies. An extension's background script will be able to use cookies for any site the extension has permissions. This includes HTTP requests and the chrome.cookies API.

For (2), I assume you mean custom DevTools panels that extensions can add? I myself have implemented a carve out for 3P cookie blocking which exempts these panels from this kind of blocking. If this is not what you mean, please let me know so I can make sure your concern is addressed.

For (3), are you referring to pages that embed an that loads an extension URL? I assume so based on the SO post, but I want to confirm you are referring to that and not something else. If that is the case, we do not have a 3P cookie blocking exception in place, but this is an active area of development for us since we understand this is a pain point for developers.</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/sebastiansandqvist"><img src="https://avatars.githubusercontent.com/u/2024396?v=4" />sebastiansandqvist</a> commented <strong> 5 months ago</strong> </div> <div class="markdown-body"> <p>Glad to hear that (1) is supported and that it sounds like (3) may be supported eventually.</p> <p>For (2), I am referring to the <a href="https://developer.chrome.com/docs/extensions/reference/api/sidePanel">SidePanel API</a>. It sounds like a similar issue to the DevTools panels, though, so I am hopeful there's a similar solution.</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/thanatkron"><img src="https://avatars.githubusercontent.com/u/143308108?v=4" />thanatkron</a> commented <strong> 5 months ago</strong> </div> <div class="markdown-body"> <p>Api</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/samdutton"><img src="https://avatars.githubusercontent.com/u/205226?v=4" />samdutton</a> commented <strong> 1 month ago</strong> </div> <div class="markdown-body"> <p>No replies in >4 months so I'll close this, but feel free to reopen if necessary.</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/sebastiansandqvist"><img src="https://avatars.githubusercontent.com/u/2024396?v=4" />sebastiansandqvist</a> commented <strong> 1 month ago</strong> </div> <div class="markdown-body"> <p>@samdutton This issue is still unresolved, so I do not think it should be closed as completed. In particular, 3PCD will likely break Chrome extensions that make cookie-authenticated requests via the SidePanel. Do you have any updates on whether the concerns I outlined above have been or will be addressed prior to the full roll out of third party cookie deprecation?</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/samdutton"><img src="https://avatars.githubusercontent.com/u/205226?v=4" />samdutton</a> commented <strong> 1 month ago</strong> </div> <div class="markdown-body"> <p>No worries @sebastiansandqvist — happy to reopen.</p> <p>Also note that Chrome is proposing a new approach for user choice with third-party cookies: <a href="https://privacysandbox.com/news/privacy-sandbox-update/">privacysandbox.com/news/privacy-sandbox-update</a>.</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/oliverdunk"><img src="https://avatars.githubusercontent.com/u/6097064?v=4" />oliverdunk</a> commented <strong> 1 month ago</strong> </div> <div class="markdown-body"> <p>Hi @sebastiansandqvist, requests made from a side panel benefit from the same exception @DCtheTall mentioned previously. In particular, as noted <a href="https://developer.chrome.com/docs/extensions/develop/concepts/storage-and-cookies#cookies-partitioning">here</a>:</p> <blockquote> <p>Third-party cookies are never blocked even in subframes if the top-level page for a given tab is a chrome-extension:// page.</p> </blockquote> <p>This is a fairly broad exception which may be refined in the future but there aren't currently any plans to change that.</p> </div> </div> <div class="page-bar-simple"> </div> <div class="footer"> <ul class="body"> <li>© <script> document.write(new Date().getFullYear()) </script> Githubissues.</li> <li>Githubissues is a development platform for aggregating issues.</li> </ul> </div> <script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js"></script> <script src="/githubissues/assets/js.js"></script> <script src="/githubissues/assets/markdown.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/highlight.min.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/go.min.js"></script> <script> hljs.highlightAll(); </script> </body> </html>

privacysandbox / privacy-sandbox-dev-support

How will third-party cookie deprecation work for Chrome extensions? #313