Open sebastiansandqvist opened 6 months ago
Hey Sebastian, thank you for your feedback and question!
For (1), as far as I am aware, there are no plans to have 3P cookie deprecation impact how background contexts in extensions interact with cookies. An extension's background script will be able to use cookies for any site the extension has permissions. This includes HTTP requests and the chrome.cookies API.
For (2), I assume you mean custom DevTools panels that extensions can add? I myself have implemented a carve out for 3P cookie blocking which exempts these panels from this kind of blocking. If this is not what you mean, please let me know so I can make sure your concern is addressed.
For (3), are you referring to pages that embed an
Glad to hear that (1) is supported and that it sounds like (3) may be supported eventually.
For (2), I am referring to the SidePanel API. It sounds like a similar issue to the DevTools panels, though, so I am hopeful there's a similar solution.
Api
No replies in >4 months so I'll close this, but feel free to reopen if necessary.
@samdutton This issue is still unresolved, so I do not think it should be closed as completed. In particular, 3PCD will likely break Chrome extensions that make cookie-authenticated requests via the SidePanel. Do you have any updates on whether the concerns I outlined above have been or will be addressed prior to the full roll out of third party cookie deprecation?
No worries @sebastiansandqvist — happy to reopen.
Also note that Chrome is proposing a new approach for user choice with third-party cookies: privacysandbox.com/news/privacy-sandbox-update.
Hi @sebastiansandqvist, requests made from a side panel benefit from the same exception @DCtheTall mentioned previously. In particular, as noted here:
Third-party cookies are never blocked even in subframes if the top-level page for a given tab is a chrome-extension:// page.
This is a fairly broad exception which may be refined in the future but there aren't currently any plans to change that.
Given a Chrome extension that uses a cookie for authentication into the extension itself, will third-party cookie deprecation break authentication for the extension?
How will this affect the following:
From my reading, adding
partitioned
to the cookie would still result in case 3 (possibly also case 2) being broken.I've found a related StackOverflow thread about the same issue: https://stackoverflow.com/questions/68610480/chrome-extensions-and-third-party-cookies-alternative