Request storage access in state partitioned contexts #85
Really hard for me to test this. According to the debugging section, I disabled all redirect heuristics and enabled state partitioning by setting
But I'm still able to log into the auth lobby just fine... The good news is: I also tested the auth lobby with this PR and it doesn't seem to break anything. 😅 I'll try another test with Brave next
Also working in Brave. I've added some logging to see whether state partitioning stuff is triggered, but as it seems, it isn't (in Brave). Not sure what's going on. In Firefox, it detects state partitioning support, but it already has access (despite the settings I mentioned in my last post). If anyone has some ideas how to test this, feel free to tell them. Otherwise, I'm fairly sure the code won't break anything and can be merged.
It doesn't look like this is implemented yet in Brave, is it? Regarding Firefox, maybe https://developer.mozilla.org/en-US/docs/Web/API/StorageManager/persist has something to do with it? Which we call on the lobby side when authorising apps. Or maybe it just grants access automatically because you did so in the past? (even if you revoked access later on)
Yeah right,
Maybe? 🤷♂️
Also possible :/ I've tried turning off everything as described in https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#debugging
Should we merge this? If we don't, then here's a proposal: Let's publish this to another subdomain on production. And if someone comes to us with a state-partitioning issue (and we can't reproduce it), we can send them over to the 'alternative' auth lobby that contains this PR and they check whether it works?
Merge it 👍
@matheus23 Deployed to staging 🚢
Ok so this PR didn't help :( Notice this message:
But that'd mean a different UI flow completely: We'd have to have a button or something included in the iframe. :/ (and the iframe would have to be visible in the app & the user needs to interact with it!)
TODO: Test this.
A user on Discord told us he got this error: https://developer.mozilla.org/en-US/docs/Web/Privacy/Storage_Access_Policy/Errors/CookiePartitionedForeign
To reproduce this issue, we can use certain versions of Firefox:
In the same document, there's also a debugging section with helpful info: https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#debugging
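
The check-then-request flow this thread is about, as an added example that is not the PR's code: it separates the three outcomes discussed above (Storage Access API not exposed, access already present, request needed from a user gesture inside the iframe). `checkStorageAccess`, `requestOnGesture`, `wireButton` and the result strings are names assumed here; `doc` stands for the iframe's `document`.

```javascript
// Added example, not the project's code. `doc` is a Document-like object so
// the logic can be exercised outside a browser; in the iframe pass `document`.

// Classify the current context without prompting the user.
async function checkStorageAccess(doc) {
  // The browser does not expose the Storage Access API at all.
  if (typeof doc.hasStorageAccess !== "function" ||
      typeof doc.requestStorageAccess !== "function") {
    return "unsupported";
  }
  // Access may already be present, in which case no request is needed.
  return (await doc.hasStorageAccess()) ? "granted" : "needs-request";
}

// Call this only from a user-gesture handler inside the iframe (for example a
// button click); browsers reject requestStorageAccess() without a gesture.
async function requestOnGesture(doc) {
  const state = await checkStorageAccess(doc);
  if (state !== "needs-request") return state;
  try {
    await doc.requestStorageAccess();
    return "granted";
  } catch (_err) {
    // Rejected: no user activation, or the user/browser declined.
    return "denied";
  }
}

// Hypothetical wiring: the iframe must be visible and contain `button`.
// `onResult` receives one of: unsupported, granted, denied.
function wireButton(doc, button, onResult) {
  button.addEventListener("click", () => {
    requestOnGesture(doc).then(onResult);
  });
}
```

Logging the returned state on the lobby side shows which of the three cases a given browser is in, which is the information the test runs above were missing.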