Comments (10)
document.requestStorageAccessFor
requires CORS mode for the request. Additionally, it looks like you've put the "credentials" field in the headers
object, which won't do what you want.
This is probably close to what you want:
fetch("https://xyz.infoedgeindia.com/", {
"headers": {},
"credentials": "include",
"mode": "cors",
}).then((json) => {
...
});
from related-website-sets.
Hi @cfredric ,
Tried using cors as well
Still cross site cookie is not flowing to sub domain of infoedgeindia (associated site ) from primary site ( naukri)
May be due to sub-domain, cookie is not floating but ideally it should
With Cors enabled as well request cookie are not passing
fetch("https://xyz.infoedgeindia.com/", {
"headers": {},
"credentials": "include",
"mode": "cors",
}).then((json) => {
...
});
from related-website-sets.
Ah yes, it is because of the subdomain. requestStorageAccessFor(...)
accepts an origin, not a site, so you must provide the specific origin to which you need to send cookies.
from related-website-sets.
@cfredric even after mentioning xyz.infoedgeindia.com in requestStorageAccessFor(...) , ccokie set on infoedgeindia is not getting floated in request of xyz.infoedgeindia.com
from related-website-sets.
It's a bit tough for me to say what the problem is, without being able to see it myself. Broadly, these are the things I would check:
- Ensure that the
document.requestStorageAccessFor(...)
call supplies the correct origin. - Ensure that the
document.requestStorageAccessFor(...)
call is resolving (not rejecting), with a user gesture. - If the
fetch
request is in a script run by the top-level document:- Ensure the request mode is
"cors"
. - Ensure the request's
credentials
is"include"
.
- Ensure the request mode is
- If the
fetch
request is in a script run by an infoedgeindia.com iframe:- Ensure that the iframe has called
document.requestStorageAccess()
(and that promise resolved) before thefetch
request.
- Ensure that the iframe has called
- Inspect network activity in Chrome DevTools to see if the cookie is being blocked, and if so, why.
If you check all of those things, that should be enough to figure out why your cookie is not being sent.
from related-website-sets.
A sai.com
from related-website-sets.
thanks @cfredric for further clarification and explanation but we have already tried above things and this is not working
Ensure that the document.requestStorageAccessFor(...) call supplies the correct origin - we are calling it for correct origin and this is giving success as well
document.requestStorageAccessFor('https://infoedgeindia.com')
Ensure that the document.requestStorageAccessFor(https://infoedgeindia.com) call is resolving (not rejecting), with a user gesture - This is also resolving without user gesture.
Point 3 - Fetch request is already having "cors" request mode and request credentials is "include" as well
We have identified why it is not happening by trying changing different values of domain and subdomain
Reiterating the full scenario and issue here
RWS Set :-
{
"AssociatedSites": [ "https://ambitionbox.com", "https://infoedgeindia.com" ],
"PrimarySites": [ "https://naukri.com" ]
}
Request calling to associated site member (infoedgeindia.com) from Primary Member in RWS Set (www.naukri.com) is setting one cookie :-
i.e subdomain.infoedgeindia.com request on www.naukri.com is setting cookie on .infoedgeindia.com with samesite none and secure
Call for requestStorageAccessFor on naukri.com is resolving successfully
document.requestStorageAccessFor('https://infoedgeindia.com').then(
res => {
checkCookie()
},
err => {}
);
But cookies set on infoedgeinida.com are not floating subdomain calls
fetch('https://subdomain.infoedgeindia.com/collectorapi/v1/uba', {
method: "POST",
credentials: "include",
mode:"cors",
body: JSON.stringify({}),
});
}
Cookie set on infoedgeindia is not floating in above call and blocked ideally it should because by default cookies should float in subdomain calls
@cfredric we are bit stucked due to this , if we can connect over quick call and we can show you the issue and if may be you can help in resolving this , wont take much of your time but problem might get fixed for us , please let me know if we can connect
from related-website-sets.
document.requestStorageAccessFor('https://infoedgeindia.com')
fetch('https://subdomain.infoedgeindia.com/collectorapi/v1/uba',
You're specifying two different origins here:
https://infoedgeindia.com
https://subdomain.infoedgeindia.com
Note that the definition of an origin is very specific; it is more specific than "site", because an origin does not include any subdomains.
As I said in #448 (comment), if you want to send cookies to a particular origin, you need to use that origin when you call requestStorageAccessFor()
. I.e., you need to change your code to:
document.requestStorageAccessFor('https://subdomain.infoedgeindia.com').then(
// etc.
)
Invoking document.requestStorageAccessFor("https://infoedgeindia.com")
only grants cookie access to https://infoedgeindia.com
specifically. Any subdomain of that origin will still be blocked from accessing cookies, unless you specifically request access for it like in the code snippet I wrote above.
If you have changed the requestStorageAccessFor
call to use the correct subdomain specifically, and you're still not seeing the cookies on the request, try using Chrome DevTools to find out why the cookies are being blocked. (My guess would be that you need to set a Domain
attribute on the cookies.)
from related-website-sets.
from related-website-sets.
from related-website-sets.
Related Issues (20)
- Broken link in getting-started.md HOT 2
- Спасибо
- مهد شادی و خنده
- 07dc52e822eb7fa1f77ce90fa99e83314a78637ehamed pahlane
- Idk HOT 2
- https://github.com/GoogleChrome/related-website-sets/issues/458#issue-2390012009https://github.com/GoogleChrome/related-website-sets/issues/458#issue-2390012009https://github.com/GoogleChrome/related-website-sets/issues/458#issue-2390012009
- Help
- https://github.com/GoogleChrome/related-website-sets/issues/458#issue-2390012009
- Hey
- .github/workflows/auto-close-pr.yml
- Gi
- H
- @StevenSavold @ssavold @ HOT 1
- 1720156846994
- https://dmd-bitmoji.s3.amazonaws.com/1720071429585-user-data.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJMGFNAXHQS3W22YQ%2F20240704%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240704T053709Z&X-Amz-Expires=259200&X-Amz-Signature=2f340b1a14b4e26e7771ab1b21e6c72f1f0a83f2ea3f00b285df5e05a854f7cb&X-Amz-SignedHeaders=hos
- Development HOT 1
- An RWS should have the option for more than one contact
- https://github.com/LiteBrite82/jblank_portfolio_test/blob/gh-pages/index.html
- 3rd party access my mobile
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from related-website-sets.