
Comments (10)

cfredric commented on July 28, 2024

document.requestStorageAccessFor requires CORS mode for the request. Additionally, it looks like you've put the "credentials" field in the headers object, which won't do what you want.

This is probably close to what you want:

fetch("https://xyz.infoedgeindia.com/", {
  "headers": {},
  "credentials": "include",
  "mode": "cors",
}).then((response) => {
  // handle the response here
});

from related-website-sets.

naukri-engineering commented on July 28, 2024

Hi @cfredric,

Tried using CORS as well.
Still, the cross-site cookie is not flowing to the subdomain of infoedgeindia (associated site) from the primary site (naukri).
Maybe due to the subdomain, the cookie is not floating, but ideally it should.
With CORS enabled as well, request cookies are not passing.

fetch("https://xyz.infoedgeindia.com/", {
  "headers": {},
  "credentials": "include",
  "mode": "cors",
}).then((response) => {
  // handle the response here
});


cfredric commented on July 28, 2024

Ah yes, it is because of the subdomain. requestStorageAccessFor(...) accepts an origin, not a site, so you must provide the specific origin to which you need to send cookies.


naukri-engineering commented on July 28, 2024

@cfredric even after mentioning xyz.infoedgeindia.com in requestStorageAccessFor(...), the cookie set on infoedgeindia is not getting floated in the request to xyz.infoedgeindia.com


cfredric commented on July 28, 2024

It's a bit tough for me to say what the problem is, without being able to see it myself. Broadly, these are the things I would check:

  • Ensure that the document.requestStorageAccessFor(...) call supplies the correct origin.
  • Ensure that the document.requestStorageAccessFor(...) call is resolving (not rejecting), with a user gesture.
  • If the fetch request is in a script run by the top-level document:
    • Ensure the request mode is "cors".
    • Ensure the request's credentials is "include".
  • If the fetch request is in a script run by an infoedgeindia.com iframe:
    • Ensure that the iframe has called document.requestStorageAccess() (and that promise resolved) before the fetch request.
  • Inspect network activity in Chrome DevTools to see if the cookie is being blocked, and if so, why.

If you check all of those things, that should be enough to figure out why your cookie is not being sent.


Nate253414 commented on July 28, 2024

A sai.com


naukri-engineering commented on July 28, 2024

Thanks @cfredric for the further clarification and explanation, but we have already tried the above things and this is not working.

"Ensure that the document.requestStorageAccessFor(...) call supplies the correct origin" - we are calling it for the correct origin and this is giving success as well:
document.requestStorageAccessFor('https://infoedgeindia.com')

"Ensure that the document.requestStorageAccessFor(https://infoedgeindia.com) call is resolving (not rejecting), with a user gesture" - This is also resolving without user gesture.

Point 3 - The fetch request already has "cors" request mode, and request credentials is "include" as well.

We have identified why it is not happening by trying different values of domain and subdomain.
Reiterating the full scenario and issue here.

RWS Set:
{
  "AssociatedSites": [ "https://ambitionbox.com", "https://infoedgeindia.com" ],
  "PrimarySites": [ "https://naukri.com" ]
}

A request to the associated site member (infoedgeindia.com) from the primary member in the RWS set (www.naukri.com) is setting one cookie:

i.e. the subdomain.infoedgeindia.com request on www.naukri.com is setting a cookie on .infoedgeindia.com with SameSite=None and Secure.

The call to requestStorageAccessFor on naukri.com is resolving successfully:

document.requestStorageAccessFor('https://infoedgeindia.com').then(
  res => {
    checkCookie()
  },
  err => {}
);

But cookies set on infoedgeindia.com are not floating in subdomain calls:

fetch('https://subdomain.infoedgeindia.com/collectorapi/v1/uba', {
  method: "POST",
  credentials: "include",
  mode: "cors",
  body: JSON.stringify({}),
});

The cookie set on infoedgeindia is not floating in the above call and is blocked; ideally it should, because by default cookies should float in subdomain calls.

@cfredric we are a bit stuck due to this. If we can connect over a quick call, we can show you the issue and maybe you can help in resolving this. It won't take much of your time, but the problem might get fixed for us. Please let me know if we can connect.


cfredric commented on July 28, 2024

document.requestStorageAccessFor('https://infoedgeindia.com')

fetch('https://subdomain.infoedgeindia.com/collectorapi/v1/uba',

You're specifying two different origins here:

  • https://infoedgeindia.com
  • https://subdomain.infoedgeindia.com

Note that the definition of an origin is very specific; it is more specific than "site", because an origin does not include any subdomains.

As I said in #448 (comment), if you want to send cookies to a particular origin, you need to use that origin when you call requestStorageAccessFor(). I.e., you need to change your code to:

document.requestStorageAccessFor('https://subdomain.infoedgeindia.com').then(
  // etc.
)

Invoking document.requestStorageAccessFor("https://infoedgeindia.com") only grants cookie access to https://infoedgeindia.com specifically. Any subdomain of that origin will still be blocked from accessing cookies, unless you specifically request access for it like in the code snippet I wrote above.

If you have changed the requestStorageAccessFor call to use the correct subdomain specifically, and you're still not seeing the cookies on the request, try using Chrome DevTools to find out why the cookies are being blocked. (My guess would be that you need to set a Domain attribute on the cookies.)

from related-website-sets.
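
The checks discussed in this thread, as an added example that is not part of the original comments or of the Related Website Sets project: it compares the origin passed to requestStorageAccessFor() with the fetch target's origin, and applies the RFC 6265 host-only rule behind the Domain attribute guess. The function names `diagnose` and `cookieMatchesHost`, the `{domain, hostOnly}` cookie shape and the sample values are assumptions made for illustration.

```javascript
// Added example, not code from the thread. All sample values are constructed.

// RFC 6265 domain-match: a cookie set without a Domain attribute is host-only
// and is sent to that exact host only; with Domain it also matches subdomains.
function cookieMatchesHost(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  const domain = cookie.domain.toLowerCase().replace(/^\./, "");
  if (cookie.hostOnly) return host === domain;
  return host === domain || host.endsWith("." + domain);
}

// Returns a list of problems; an empty list means these checks found nothing.
function diagnose(requestedOrigin, fetchUrl, fetchInit, cookie) {
  const problems = [];
  const target = new URL(fetchUrl);
  const requested = new URL(requestedOrigin).origin;
  // Storage access is granted per origin (scheme + host + port), not per site.
  if (requested !== target.origin) {
    problems.push(`origin mismatch: access requested for ${requested}, fetch goes to ${target.origin}`);
  }
  // fetch() defaults to mode "cors" but to credentials "same-origin".
  if ((fetchInit.mode ?? "cors") !== "cors") problems.push('fetch mode must be "cors"');
  if (fetchInit.credentials !== "include") problems.push('fetch credentials must be "include"');
  if (!cookieMatchesHost(cookie, target.hostname)) {
    problems.push(`cookie for ${cookie.domain} (hostOnly=${cookie.hostOnly}) is not sent to ${target.hostname}`);
  }
  return problems;
}

// Constructed inputs mirroring the scenario in the thread.
const init = { method: "POST", credentials: "include", mode: "cors" };
const url = "https://subdomain.infoedgeindia.com/collectorapi/v1/uba";
const hostOnlyCookie = { domain: "infoedgeindia.com", hostOnly: true };
const domainCookie = { domain: "infoedgeindia.com", hostOnly: false };

console.log(diagnose("https://infoedgeindia.com", url, init, hostOnlyCookie));
console.log(diagnose("https://subdomain.infoedgeindia.com", url, init, domainCookie));
```

The first call reports both the origin mismatch and the host-only cookie; the second reports nothing. Blocked-cookie reasons in Chrome DevTools remain the authoritative source for what the browser actually did.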
