New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for Partitioned
cookie attribute
#2130
Comments
Thanks for bringing this to our attention. It seems reasonable to me. Do you want to make a PR? |
Sure! Just submitted #2131 The PR raises an error if the |
Thanks for doing that, @flavio-b. We have similar request and wondering the timeline for the next release, and if any plan to backport this to previous release (we are still on Rack 2) |
I don't think we should backport this to either Rack 3.0 or 2.2. We should only be backporting security fixes to Rack 2.2, and only bug and security fixes to Rack 3.0. However, other committers may feel differently. |
Pragmatically speaking, I'd be willing to entertain back-porting this to 3.0, but I basically agree with Jeremy, we should probably try to follow a more predictable model where possible, i.e. only back-port security fixes. Now that Rails 7.1 is released, I think we can start moving towards a Rack 3.1 release. So, maybe that's something we can focus on so this feature is released sooner rather than later. |
We do have the same issue, and chrome is going to deprecate third-party cookies for 1% of Chrome users globally starting Q1 2024 https://privacysandbox.com/open-web/#the-privacy-sandbox-timeline |
@jeremyevans what would you like to do here? |
I think we should merge this. However, as it is a new feature and not a bug fix, I don't think we should backport it. |
@jeremyevans, #2131 has been merged. Are you able to do a 3.1 release as @ioquatix suggested? |
I am not. I'm on the rack core team, but I'm not an owner of the rack gem. The core team needs to review other existing pull requests before deciding which to merge before 3.1. |
@jeremyevans any news about this? |
We are aiming to do a 3.1 release within the next two months. |
The absence of support for the Partitioned cookie attribute poses significant security risks and could lead to compliance issues. Can we prioritize its release to mitigate these risks ASAP? |
Chrome is phasing out third-party cookies and since Q1 this year, for 1% of the users they're already being blocked. |
As a workaround for earlier versions of
Inspired from this post. Hope this helps! |
From the middle of 2024 onwards, Chrome will start requiring the use of a
Partitioned
attribute when an embedded site wants to set a cookie (source).This attribute is still listed as an experimental feature on MDN, but it might be useful to be able to set this attribute now.
From what I gather, it seems like what's needed is a change to
Rack::Utils#set_cookie_header
to accommodate a new option.Use case: An embedded Rails app that needs to set a cookie for basic session and flash messages.
Are there any plans to support this option? Or is it too early?
Warning message from Chrome:
The text was updated successfully, but these errors were encountered: