Comments
@spongessuck for auth, it's the 1st domain's credentials, since 3rd party websites can embed a JS widget that shows user-contextual content from the 1st domain
now can't make the users sign in for each 3rd party website if they've signed in once on the 1st domain, right?
I trust Mozilla, who has every reason to secure my data, over Google (a multinational ad company), who has every reason to make my data as accessible as possible.
Voxera 11388 1y
Generally an iframe from another site is off limits unless cross-origin or similar permission is specified.
Cookie permissions by themselves do not allow cross-domain access, I think.
Parzi 8663 1y
Considering Chromium is constantly sucking your data up and slowly denying you any control over that process, they're killing their own userbase just fine, which is impressive for the engine behind 99% of browsers.
@FuckJava that's retarded. And yes, I can say that, I have a debilitating mental affliction.
@Voxera but it's the iFrame source's cookies. Imagine the YT Embed thing: the iFrame embedding YT doesn't know the owner site's cookies but loads Google auth cookies to sign in the user when watching the embedded video. It's that thing; the security part doesn't come into play since the iFrame source and cookie domain is the same! + sameSite = None
@cuddlyogre again, I'm reading my OWN domain's cookies. Even from a security POV, the iFrame isn't accessing the 2nd domain's cookies, it's trying to read its own cookies from the iFrame
@Parzi it's as if there were an olympics for companies competing to fail. They can't even call it the "special olympics" though. That one's already taken.
Firefox won't access iFrame's domain's Auth cookies when the iFrame is hosted on a 2nd domain, even when the cookies are Secure, SameSite=None, and sandbox is as lax as possible.
Works on chromium-based browsers.
Looked up SO and it's just "oh im facing the same" x10. FFS.
Why does Firefox behave so retarded. Not doing their shrinking userbase numbers any favour :v
rant
cookie
firefox
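
One way the embedded widget can ask the browser for its own first-party cookies, as an added example that is not from the thread. It assumes the behaviour in the rant comes from Firefox partitioning third-party cookies by top-level site, and uses the Storage Access API (`document.hasStorageAccess()` / `document.requestStorageAccess()`); the function names, the button and the callbacks are hypothetical.

```javascript
// Added example: runs inside the embedded widget (the iframe served from the 1st domain).
// `doc` is the iframe's `document`; it is a parameter so the logic can be exercised
// with a stand-in object outside a browser.
async function ensureCookieAccess(doc) {
  // Assumption: a browser without the Storage Access API does not gate the
  // iframe's cookies behind it, so there is nothing to request.
  if (typeof doc.requestStorageAccess !== "function") {
    return { access: true, via: "api-missing" };
  }
  // A grant from an earlier visit may still be valid; no prompt needed then.
  if (await doc.hasStorageAccess()) {
    return { access: true, via: "already-granted" };
  }
  try {
    // Only succeeds when called from a user gesture (click or tap) inside the
    // iframe; the promise rejects if there was no gesture or the user declines.
    await doc.requestStorageAccess();
    return { access: true, via: "granted" };
  } catch (err) {
    return { access: false, via: "denied" };
  }
}

// Hypothetical wiring: `button` is an element inside the widget, and the two
// callbacks are the widget's own "load user content" / "show sign-in link" paths.
function wireAccessButton(doc, button, onReady, onDenied) {
  button.addEventListener("click", async () => {
    const result = await ensureCookieAccess(doc);
    if (result.access) {
      onReady(result);   // credentialed requests now carry the 1st domain's cookies
    } else {
      onDenied(result);  // fall back, e.g. open the 1st domain in a new tab to sign in
    }
  });
}

// Embedding-page note: a sandboxed iframe also needs the
// `allow-storage-access-by-user-activation` sandbox token (next to
// `allow-scripts` and `allow-same-origin`) before requestStorageAccess() can succeed.
```

The cookies themselves still need `Secure; SameSite=None` as in the rant; the grant only lifts the partitioning for that iframe.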