Brave Shields blocks uploading header graphic cover photo for YouTube channels

[Miyayes]

Description

When updating your YouTube channel's cover/header photo, Brave's Shields will not let you access the upload/picture selection screen. It will continually ask you to "sign in", but nothing will happen.

When Shields are disabled, everything works as expected.

Chrome + uBlock Origin: Works as expected with Chrome + uBlock Origin.

Originally reported here: https://community.brave.com/t/brave-blocks-uploading-header-graphic-to-yt-channel/45286 Please see here for more photos.

Steps for reproduction

1. Log into a YouTube channel on Brave with Shields up.
2. Go to your channel settings; try to edit the channel header photo/customize channel artwork.
3. Be prompted to "Sign in". Click "Sign in". Nothing will happen.

Specs

Reproduced on:

1. Version 0.59.35 Chromium: 72.0.3626.81 (Official Build) (64-bit) (my own machine, MacOS)
2. Version 0.61.22 Chromium: 72.0.3626.81 (Official Build) dev (64-bit) (according to community report. Appears to be Windows.)

[mikedotexe]

Bumping this issue as I just saw it as well.
Note that when I allow all cookies, this problem disappears.
Shown below is the change that "fixes" this:

I don't think that Brave should try customize defaults for all sites, as that's untenable. However, in the case of YouTube channel customization, may I suggest that this gets changed from "Cross-site cookies blocked" to "All cookies allowed" or some sort of modal appears alerting the user that some folks have needed this change for this page/site, or something to the likes of that.

Console log errors here:

rpc.js?c=1&container=onepick:448 Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://docs.google.com') does not match the recipient window's origin ('https://www.youtube.com').
(anonymous) @ rpc.js?c=1&container=onepick:448
setTimeout (async)
call @ rpc.js?c=1&container=onepick:446
call @ rpc.js?c=1&container=onepick:678
(anonymous) @ common.js:1563
(anonymous) @ common.js:1559
yja @ common.js:1546
BJ @ common.js:1559
DJ @ common.js:1563
g.h.Sb @ common.js:2783
g.h.show @ channels_edit.js:143
(anonymous) @ channels_edit.js:30
(anonymous) @ common.js:293
k @ base.js:404
videos?disable_polymer=true:1 Invalid 'X-Frame-Options' header encountered when loading 'https://docs.google.com/picker?protocol=gadgets&origin=https%3A%2F%2Fwww.youtube.com&hostId=yt-banner&hl=en_US&title=Channel%20art&thumbs=orig&minSize=2048x1152&cropMode=ytcb&relayUrl=https%3A%2F%2Fwww.youtube.com%2F%2Fs.ytimg.com%2Fyts%2Ffavicon-vfl8qSV2F.ico&nav=((%22upload%22%2Cnull%2C%7B%22query%22%3A%22youtubebanner%22%2C%22data%22%3A%7B%22silo_id%22%3A%2219%22%7D%2C%22ytMaxFileSize%22%3A6%2C%22ytRecWidth%22%3A2560%2C%22ytRecHeight%22%3A1440%7D)%2C(%22photos%22)%2C(%22photos%22%2C%22Gallery%22%2C%7B%22type%22%3A%22ytbanner%22%7D))&rpcService=rs0qrtuk9qwl&rpctoken=j1n8hy7wjm81': 'ALLOW-FROM https://www.youtube.com' is not a recognized directive. The header will be ignored.
videos?disable_polymer=true:1 Access to XMLHttpRequest at 'https://googleads.g.doubleclick.net/pagead/id' from origin 'https://www.youtube.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

[mikedotexe]

I just saw there's a label for this. Note to admins we can probably slap the label: workaround/allow-all-cookies onto this issue.
Label link:
https://github.com/brave/brave-browser/labels/workaround%2Fallow-all-cookies