Skip to content

/ brave-browser

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Third party cookies blocked for us when upgrading to Brave 0.68 #6099

Open
skogsmaskin opened this issue Sep 20, 2019 · 3 comments
Open

Third party cookies blocked for us when upgrading to Brave 0.68 #6099

skogsmaskin opened this issue Sep 20, 2019 · 3 comments
Assignees
@tomlowenthal
Labels
feature/cookie-allow-list feature/shields/cookies workaround/allow-all-cookies

Comments

@skogsmaskin
Copy link

@skogsmaskin skogsmaskin commented Sep 20, 2019
edited by rebron

Description

We have an issue with our service for users upgrading to Brave version 0.68. Our service depends on a third party cookie for tracking login status in our API. This used to work just fine before users upgraded to v. 0.68. After upgrading to this version the cookie is now blocked. One would think that going into the API host and turning the shield down for that, would remove the block status of the cookie and make things work again, but it doesn't. I'm not sure if this is a bug of a feature.

Steps to Reproduce

  1. Go to https://eple.sanity.studio
  2. It will test third party cookie capabilities, and notice that it's getting blocked
  3. Click the "Try again" button, which will open up a popup that will let the user interact with the API domain (y12wncqa.api.sanity.io) in order to whitelist it. This works for Safari's ITP, but as Brave unconditionally blocks third party cookies, it's probably expected that this interaction will not work for Brave. Anyway, when the popup is open (which opens on the API domain), turn off the shield for that host.
  4. One would expect the cookies for y12wncqa.api.sanity.io would now be allowed as the shield is down for that host, but it continues to be blocked on https://eple.sanity.studio.
  5. On https://eple.sanity.studio click the Site Settings (lock symbol on the left to the location bar). Click on "Cookies". Click on the "Blocked" tab. The cookie for y12wncqa.api.sanity.io is listed as blocked. Select it and click on "Allow".
  6. Reload the page. It now works as expected.
  7. Turn on the shield again for the API host (just go to https://y12wncqa.api.sanity.io). It still works.
  8. Delete site settings in order to get back to the blocking state.

I'm not sure how we should help our users with this problem, other than tell them to explicitly go into the site settings for https://eple.sanity.studio and allow that cookie. Is this the way it is supposed to be, or is it a bug, as this blocking started happening in the latest version of Brave. Before we were just able to turn the shield off for the API host and it would be allowed anywhere.
@rebron
Copy link
Collaborator

@rebron rebron commented Oct 4, 2019

cc: @ryanbr Can you take a look? Might be c77 related though @iefremov
@ryanbr
Copy link
Collaborator

@ryanbr ryanbr commented Oct 5, 2019

Checked if any referrer issues, only way around it is just to allow cookies for the moment.
@ryanbr
Copy link
Collaborator

@ryanbr ryanbr commented Oct 5, 2019

Cookie whitelist request: #5314
@rebron rebron added this to Untriaged Backlog in General Oct 8, 2019
@rebron rebron removed this from Untriaged Backlog in General Nov 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tomlowenthal tomlowenthal

Labels
feature/cookie-allow-list feature/shields/cookies workaround/allow-all-cookies
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
@skogsmaskin @tomlowenthal @ryanbr @rebron
You can’t perform that action at this time.