Third-party matching trial token loaded in top level site is still not allowing 3P cookies access #330

Open
annamalai87 opened this issue Apr 23, 2024 · 5 comments

annamalai87 commented Apr 23, 2024

Our use case (http://b/332975135) to access third-party cookies for the origin https://pay.google.com was recently approved.
We could successfully inject the trial token with third-party matching in the top-level site when it loads our script. Although the developer tools show the token is valid in the Application tab, when the top-level site loads the iframe with the origin pay.google.com, the iframe is still unable to access the top-level site cookies.

Here are the screenshots:

Top level site shows the trial token is injected:

image

Developer tool shows the trial token is valid:

image

The iframe with the origin pay.google.com is still unable to access 3P cookies:

image

The same iframe can access 3P cookies when we manually enable the option to access 3P cookies:

image

annamalai87 added the third-party-cookies label Apr 23, 2024

hoodjoshua commented Apr 24, 2024

Can you confirm that you're using the following flag configuration?

chrome://flags/#third-party-cookie-deprecation-trial → enabled
chrome://flags/#tracking-protection-3pcd → enabled
chrome://flags/#tpcd-metadata-grants → disabled
chrome://flags/#tpcd-heuristics-grants → disabled

@wanderview

Also, please confirm you are not testing in incognito mode, which uses a stricter form of 3P cookie blocking.

@hoodjoshua

After taking a closer look at your demo page, the issue appears to be that after the script runs and injects the pay.google.com trial token, there is a pay.google.com iframe loaded without the trial token.

The trial is persistent, so loading an iframe from the token origin without the trial token will disable the trial. This is noted under the graphic here.

annamalai87 commented Apr 25, 2024

You are right about the trial not being persistent as soon as the first iframe was loaded without the token.
However, after loading the iframe with the same token (by setting its origin-trial response header), the trial still seems to be disabled. Should we need to use two tokens? One for top level site with third party matching and another when loading the iframe?


hoodjoshua commented Apr 29, 2024

> Should we need to use two tokens? One for top level site with third party matching and another when loading the iframe?

Yes, you will need a different token for the iframe.

The "third-party matching" tokens are only for use by scripts that inject the token on other origins. The tokens that can be used by iframes are provided for trial registrations where the "third-party matching" box is not checked.
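
As an added example (not code from this thread or from Chrome), the Node.js code below decodes a token's payload and checks it against the delivery rule given in the last reply, so a token of the wrong kind is caught before it is deployed on an iframe response. The binary layout and the `isThirdParty` payload field come from Chromium's origin trial token format, which this page does not describe; the feature name, the delivery labels and the sample tokens are constructed, and the signature is not verified.

```javascript
// Added example, not code from the thread. Assumed token layout (Chromium origin
// trial tokens): 1 version byte, 64-byte signature, 4-byte big-endian payload
// length, then a UTF-8 JSON payload. The signature is NOT verified here.
const HEADER_LEN = 1 + 64 + 4;

function decodeTrialToken(b64) {
  const raw = Buffer.from(b64, 'base64');
  if (raw.length <= HEADER_LEN) throw new Error('token too short');
  const payloadLen = raw.readUInt32BE(65);
  if (payloadLen !== raw.length - HEADER_LEN) throw new Error('payload length mismatch');
  const payload = JSON.parse(raw.subarray(HEADER_LEN).toString('utf8'));
  return { version: raw[0], ...payload, isThirdParty: payload.isThirdParty === true };
}

// Delivery rule stated in the thread: third-party matching tokens are for
// script injection; iframe responses need a token without third-party matching.
function checkDelivery(b64, delivery, expectedOrigin, nowSec = Date.now() / 1000) {
  const t = decodeTrialToken(b64);
  const problems = [];
  if (new URL(t.origin).origin !== new URL(expectedOrigin).origin) {
    problems.push(`token origin ${t.origin} does not match ${expectedOrigin}`);
  }
  if (t.expiry <= nowSec) problems.push('token expired');
  const allowed = t.isThirdParty ? 'script-injection' : 'iframe-response';
  if (delivery !== allowed) {
    problems.push(`isThirdParty=${t.isThirdParty} token is only usable for ${allowed}`);
  }
  return problems;
}

// Constructed, unsigned sample tokens (zeroed signature; Chrome would reject them).
function makeSampleToken(payload) {
  const body = Buffer.from(JSON.stringify(payload), 'utf8');
  const head = Buffer.alloc(HEADER_LEN);
  head[0] = 3; // version byte
  head.writeUInt32BE(body.length, 65);
  return Buffer.concat([head, body]).toString('base64');
}

// 'ExampleTrialFeature' is a placeholder feature name, not the real trial name.
const base = { origin: 'https://pay.google.com:443', feature: 'ExampleTrialFeature', expiry: 4102444800 };
const THIRD_PARTY_TOKEN = makeSampleToken({ ...base, isThirdParty: true });
const FIRST_PARTY_TOKEN = makeSampleToken({ ...base });

// The situation in the thread: the third-party matching token reused on the iframe.
console.log(checkDelivery(THIRD_PARTY_TOKEN, 'iframe-response', 'https://pay.google.com'));
console.log(checkDelivery(FIRST_PARTY_TOKEN, 'iframe-response', 'https://pay.google.com'));
```

Running the same check over the `Origin-Trial` header value of the iframe response and over the token string the injected script uses shows which of the two registrations each token came from.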
