Third party cookies blocked for us when upgrading to Brave 0.68 #6099

Open
skogsmaskin opened this issue Sep 20, 2019 · 3 comments


skogsmaskin commented Sep 20, 2019

Description

We have an issue with our service for users upgrading to Brave version 0.68. Our service depends on a third party cookie for tracking login status in our API. This used to work just fine before users upgraded to v. 0.68. After upgrading to this version the cookie is now blocked. One would think that going into the API host and turning the shield down for that would remove the block status of the cookie and make things work again, but it doesn't. I'm not sure if this is a bug or a feature.

Steps to Reproduce

  1. Go to https://eple.sanity.studio
  2. It will test third party cookie capabilities, and notice that it's getting blocked
  3. Click the "Try again" button, which will open up a popup that will let the user interact with the API domain (y12wncqa.api.sanity.io) in order to whitelist it. This works for Safari's ITP, but as Brave unconditionally blocks third party cookies, it's probably expected that this interaction will not work for Brave. Anyway, when the popup is open (which opens on the API domain), turn off the shield for that host.
  4. One would expect the cookies for y12wncqa.api.sanity.io would now be allowed as the shield is down for that host, but it continues to be blocked on https://eple.sanity.studio.
  5. On https://eple.sanity.studio click the Site Settings (lock symbol to the left of the location bar). Click on "Cookies". Click on the "Blocked" tab. The cookie for y12wncqa.api.sanity.io is listed as blocked. Select it and click on "Allow".
  6. Reload the page. It now works as expected.
  7. Turn on the shield again for the API host (just go to https://y12wncqa.api.sanity.io). It still works.
  8. Delete site settings in order to get back to the blocking state.

I'm not sure how we should help our users with this problem, other than telling them to explicitly go into the site settings for https://eple.sanity.studio and allow that cookie. Is this the way it is supposed to be, or is it a bug, as this blocking started happening in the latest version of Brave? Before, we were just able to turn the shield off for the API host and it would be allowed anywhere.

Collaborator

rebron commented Oct 4, 2019

cc: @ryanbr Can you take a look? Might be c77 related though @iefremov


ryanbr commented Oct 5, 2019

Checked if any referrer issues, only way around it is just to allow cookies for the moment.


ryanbr commented Oct 5, 2019

Cookie whitelist request: #5314
