Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Developing on localhost with strict cookies #284

Closed
dpetzev opened this issue Mar 13, 2024 · 4 comments
Closed

Developing on localhost with strict cookies #284

dpetzev opened this issue Mar 13, 2024 · 4 comments
Labels
third-party-cookies Third-party cookies

Comments

@dpetzev
Copy link

dpetzev commented Mar 13, 2024
edited
Loading

Hi guys,

I've read the new third-party restrictions that are about to be implemented, all sounds great, all works on our end.

But, how do we continue developing and testing our frontend locally on http://localhost when the cookie is SameSite=Secure and the backend is fronted by a CDN? Will there be some sort of flag that would enable us to do cross-site requests for development after Chrome has fully phased out third-party cookies or will they be fully blocked?

Context:

The cookie we create is associated with our customdomain.com and the frontend is communicating with AWS CloudFront where the custom domain is added as an alternate name. So the browser will just not send the cookie from localhost. Deploying a local backend is not really an option for us. And continuously deploying changes to pr-***.dev.customdomain.com just to test a small change is not great either.

Any tips or pointers on how we can continue local development?

Edit: SameSite=Strict is what I meant
@dpetzev dpetzev added the third-party-cookies Third-party cookies label Mar 13, 2024
@johannhof
Copy link
Collaborator

johannhof commented Mar 15, 2024
edited
Loading

Hello, thanks for the question.

  1. Since there's no SameSite=Secure I'm aware of, did you mean SameSite=Strict or SameSite=None; Secure?
  2. Could you try unblocking via the "eye" icon on the right hand side of the URL bar to see if that unbreaks your testing?

@dpetzev
Copy link
Author

dpetzev commented Mar 15, 2024

  1. Yes, I apologize. I meant SameSite=Strict
  2. Currently we are not blocked, but come Q3 2024 (or whenever you guys decide to roll out fully blocking third-party cookies), will there be any way to develop on localhost sending requests to customdomain.com?

@sbingler
Copy link

Hi,

To clarify: SameSite=Strict isn't considered a third-party cookie (since it is only ever sent in a first-party context) and so it isn't affected by the third-party cookie phaseout. If your browser is on localhost then a SameSite=Strict cookie should never be sent to customdomain.com.

Any tips or pointers on how we can continue local development?

One common option is to edit the dev machine's hosts file to point your production hostname to your local server, something like 127.0.0.1 prod.customdomain.com

@dpetzev
Copy link
Author

dpetzev commented Apr 23, 2024
edited
Loading

Hello, sorry for the late reply. A combination of adding this to the host file 127.0.0.1 local.customdomain.com, using mkcert and CloudFront Origins did the trick for us. Thank you for the help!

@dpetzev dpetzev closed this as completed Apr 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
third-party-cookies Third-party cookies
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@johannhof @sbingler @dpetzev