Third Party Cookies Blocked - Explained
If you are using Google Chrome or a different Chromium based browser, you may have seen a warning recently that says something about third party cookies being blocked. In this post I explain what that means, what third party cookies are and why they weren't invited to our party.
What Are Third Party Cookies?
Let's say that you're visiting https://example.com. Let's say that website makes an ajax request to https://example.com/init.php and that request has a set-cookie header. Cookies created with that set-cookie header are first-party cookies because the origin of that ajax request are the same as the hostname of the page that triggered that request.
Now let's say that the same page ( https://example.com ) is using a service to show users funny gifs and it is making a request to https://example-website-with-gifs.com/get-gifs.php to fetch information about what gifs to show. If that request returns a set-cookie header - that cookie will be considered third-party, because it originated from a different origin.
Third-party cookie deprecation
Because of the recent changes to the google chrome browser, these third party cookies will not be allowed by default.
You can read more about it here: Prepare for phasing out third-party cookies and here: Storage Partitioning.
What does this mean for chrome extension development?
If your chrome extension was relying on injecting an iframe that is hosted on a third-party origin and cookies or local storage to store user's access tokens and session data - that will not work anymore. The solution is to start using chrome.storage.local instead.