Disable 3rd party cookie requirement globally

Answered

49 Comments

  • Mandy

    Hello there David, thank you for your question. Yes, there have understandably been requests to allow this option. Even so, cookies are a necessity to log into the Help Center and use Zendesk. This is a part of Zendesk's security architecture.

    Zendesk maintains a large application audit log to include security events such as user logins or configuration changes. The Zendesk application utilizes numerous framework level protections to help prevent Web application vulnerabilities and to secure credential storage. 

    All cookies that are sent during the login action would need to be accepted for the authentication process to be performed. Please check out our cookie policy for more details. Your end users can use any browser, but they will all use cookies. The difference is just in the browser's security settings, which can require to allow cookies each time, or to always allow cookies for that site, for example.

     

    0
  • Thilo Langbein

    Third Party cookies are a privacy nightmare. This as not acceptable - these days!

    9
  • Nicole S. - Community Manager
    Zendesk Community Team

    Hi Thilo -

    Are you having a specific issue with cookies that we can assist you with?

    0
  • Seth

    The 3rd party cookie requirement is extremely lame.

    I've had 3rd party cookies blocked by default in all my browsers for literally years now.

    Pretty much the only web site authentication mechanism that has a problem with this is Zendesk.

    Why are so many other web sites able to allow logins without forcing end users into the surveillance matrix of the 3rd party cookie regime?

    It's such a pain in the neck, it really has made be despise using the Zendesk product as an end user, and I would never recommend it to my clients for this reason alone.

    6
  • Andy Zarzycki

    I have turned off "Block third-party cookies" in Chrome and have added [*.]zendesk.com to the allow list, and still I get the message "Your browser restricts cookie usage." As far as I can tell, this happens on any support site powered by Zendesk, but not Zendesk itself (here).

    I've cleared cookies and updated Chrome twice since this started happening about two weeks ago, yet at this point I cannot log into any Zendesk powered site using Chrome. Incognito mode doesn't help.

    I've verified that my browser receives Set-Cookie headers for things like __cfduid, _zendesk_shared_session, _zendesk_session and _cfruid and and clears the _zendesk_authenticated cookie. On subsequent requests my browser sends all those values that were set back in a cookie header. There are no failed network requests nor any errors in my JS console. It doesn't look like my browser is actually not accepting cookies, yet the Zendesk login mechanism seems to mistakenly believe otherwise. 

    Using a non-default browser is highly cumbersome. Any suggestions on what to try?

    1
  • George Deligiannis

    I have the same issue since this morning. I'm using chrome and since yesterday, I have the same setup, no new updates or anything. I was kicked out from my session and i had to sign in again this morning.

    Well, the login works and then it doesn't load. Zendesk says that "xxx.zendesk.com refused to connect.". And it keeps reloading.

    Of course it works in other browsers, but not in chrome.

    I enabled third party cookies, but no difference at all. Even in incognito mode.

    It also says at the login screen "Your browser restricts cookie usage. Click here to restart your sign in." When I click it, nothing happens.... this is really weird and frustrating.

    5
  • Avi Kelman

    This affects Safari 13.0.3 as well trying to connect to third party zendesk support sites (e.g. support.circleci.com).

    0
  • Brett - Community Manager
    Zendesk Community Team

    @Andy and George, that definitely sounds like odd behavior going on. Have you tried uninstalling and re-installing Chrome to see if that helps? I'd be happy to create a ticket on your behalf if the issue continues.

    @Avi, I tried accessing the URL you provided using Safari but was unable to replicate this behavior. Are you still experiencing issues with 3rd party cookies on your end?

    Let me know!

    0
  • Avi Kelman

    3
  • Brett - Community Manager
    Zendesk Community Team

    Thanks for the update Avi!

    I'm going to bring this into a ticket so our Customer Advocacy team can troubleshoot further.

    You'll receive an email shortly stating your ticket has been created.

    Cheers!

    0
  • George Deligiannis

    Avi Kelman thanks a lot for this! This is exactly what I experience!!!! 

    Brett - Community Manager i reset chrome and I cleaned all cookies, stored data etc... I didn't try to uninstall and reinstall yet

    1
  • Avi Kelman

    It looks like in Safari the problem is that cross-site tracking prevention stays active even if you turn it off until Safari is fully quit and restarted.

     

    I would like to reiterate the request from others, though, that cross-site tracking prevention is there because 99.99% of all use-cases are for spying on people. Requiring users to disable that protection is a serious invasion of personal security, and every other website manages to work just fine without requiring tracking across domains.

    5
  • Seth

    THIS ==> "cross-site tracking prevention is there because 99.99% of all use-cases are for spying on people."

    2
  • David D'Agostino

    It baffles me that Zendesk staff side is surprised about this error.   My company started using zendesk  earlier this year, and since day 1, I cannot logon my mac using Safari.  It's not limited to me or something misconfigured.  It happens to all my engineers.   For me, using chrome actually made it work, but this is unacceptable.    When i click a link expecting it to seamlessly take me to the ticket deatails, but instead I'm stopped at login with a Cookies message, one that provides a busted solution, well, enough said.    Imagine on the 6th different time/day this happens... each time you regain faith that you fixed it and you  "Click here to restart your login"... only for it to refresh back to the same busted login page with the same busted message.

    We too submitted a ticket to zendesk about this from day 1.  I just talked to my colleague who submitted it and it was shrugged off and no solution provided.  Asking users, some of who have been in the industry for longer than zendesk has been a company, to resinstall their browser to see if it fixes is nuts!!!   The beauty of a web app is convenience, no need to install anything.    It shouldnt be the users that have to work around you, it should be you finding solutions to keep your customers happy.

    WORKAROUND FOR SAFARI USERS 

    To anyone using Safari on a mac, you can fix this by going to Safari -> prefrences -> privacy -> Website Tracking -> Prevent cross-site tracking.   Uncheck this.    Fully quit safari program, restart it, and the cookies message on log-in goes away. I don't think this is acceptable, as the cores features of zendesk shouldn't need to rely on this type of tracking.

    ZENDESK ASK

    At a minimum, change the message from "your browser restrict cooke usage.  Click here to restart login"  to something helpful.  Clicking a link to restart that goes right back to the same error page is the worst scenario.    Instead, provide language as to why you require this cookie tracking and instructions on how to allow it on the most popular browsers.     Some users will still be angry cause privacy is king these days.  But at least the users won't think Zendesk is just incompetent.

    Also - provide my solution to your engineers and support staff.   It makes things much worse when end users are asked to reinstall their browser as a fix.   It shows a lack of understanding of the problem and in most cases, will not fix.    

     

    Thanks

    2
  • Chris Parker

    I have this same problem and it's driving me mad

    The workaround above doesn't work for me - I have unchecked this option, restarted Safari, hell I even restarted my entire MacBook and I still get the same issue.  I login fine without error using Chrome, but that isn't a solution for me.

    1
  • Brett - Community Manager
    Zendesk Community Team

    Hey Chris,

    I'm going to bring this into a ticket so our Customer Advocacy team can look into this for you.

    You'll receive an email shortly stating your ticket has been created.

    Cheers!

    0
  • Seth

    How about zendesk fixes this problem at the source and re-engineers the product to do away with the insane 3rd party cookie requirement?

    Is that option on the table?

    Please stop torturing your userbase with the existing hack job authentication scheme.

    4
  • Kevin Franck

    I am using Chrome on macOS v10.15.2.  I am experiencing the exact same problem as @Andy, George and Avi and have tried everything described in this thread (turned off "Block third-party cookies" in Chrome, added zendesk.com to the allow list, cleared existing cookies, etc.).  I can't get past the login page that displays the message "Your browser restricts cookie usage. Click here to restart your sign in." 

    Has anyone come-up with a resolution for this problem?

    1
  • Andy Zarzycki

    Brett - Community Manager  Still experiencing the issue despite resetting Chrome, disabling all extensions, re-checking that third party cookies are enabled and zendesk is in the whitelist.

     

    I have taken to using MS Edge, so when I click on a zendesk link in an email notification I let it load the page with the "Your browser restricts cookie usage. Click here to restart your sign in." message (I am naively hopeful that maybe it'll get fixed one day), then I copy that url into Edge.  I need to chime in on dozens of tickets most days, so this is a huge inconvenience.

    Also being in the web development industry since 1999 I know that your login system does not have to be architected this way. This cross-(sub-)domain login problem is solved already. What you're looking for is to be an Oauth provider. (You do consume Oauth for federated logins with Google, etc, already but that's different than being an authentication provider) Re-architecting your login system is the right and proper long term solution to this problem.

    However, clearly your system works on many instances of Chrome (or Safari or something else) with the same version numbers as some machines on which it consistenly fails. On machines where the problem manifests itself the attempt to load the page after the login submission fails with a "subdomain.zendesk.com refused to connect" error. It could well be that this issue has nothing to do with browser settings but is a rare bug that crashes at some layer in your api stack. Given that your login page also erroneously claims cookies are disabled--while I can see cookies actually being sent to the page--leads me to suspect your load balancers not passing data/headers/something as expected in some scenario.

    Please, have your engineers investigate this.

     

    Andy

    3
  • Brett - Community Manager
    Zendesk Community Team

    Hey Andy,

    Thanks for the detailed explanation here! I'm going to create a ticket on your behalf so our engineers can investigate this issue on your end. You'll receive an email shortly stating your ticket has been created.

    Cheers!

    0
  • Will O'Neal

    Is the official response to this going to be addressed individually, as per Andy? Because I have to use an older OS and an older version of Chrome now as well.

    0
  • Brett - Community Manager
    Zendesk Community Team

    Hey Will,

    It looks like we have a problem ticket related to this issue that is currently escalated to our engineers. This is something our team is still investigating so I'd be happy to create a ticket on your behalf if you haven't already done so.

    Let me know!

    0
  • Arian Samsavar

    Experiencing this same issue... Suggested Safari workaround was unsuccessful, luckily I am still able to login via chrome.

    0
  • paulatlan

    Experiencing the same issue since this morning. 

    I second the fact that it is unacceptable to ask users to lower their privacy expectations for the sake of ONE website!

     

    1
  • Yao

    Suspend this relates to the Chrome SameSite Cookie feature (https://www.chromestatus.com/feature/5088147346030592). This feature is slowly released to all Chrome user, and will be official released in Chrome 80 in Feb 4th, 2020

    There is a workaround that fix my problem in Chrome (which disable the feature):

    If you experience the same problem in Firefox:

    • Go to about:config 
    • Disable the following two configs:
      • network.cookie.sameSite.laxByDefault
      • network.cookie.sameSite.noneRequiresSecure
    1
  • Brett - Community Manager
    Zendesk Community Team

    Thanks for sharing Yao!

    0
  • Kevin Franck

    Yao,

    Your workaround for Chrome finally fixed it!  I've been struggling with this for weeks.

    Thank you!

    0
  • Andy Zarzycki

    Can confirm that disabling the SameSite security setting results in Zendesk logins working again on my machine.

    Brett - Community Manager The fix to not requiring customers to set these flags is to add the SameSite header to your HTTP response. I guess you have until February when this setting rolls out to all Chrome users. 

    0
  • Abed Islam

    I started having the same issue in Chrome Canary Version 81.0.4033.0 (Official Build) canary (64-bit) once I turned on host mapping w/ SSL. I get the "Your browser restricts cookie usage. Click here to restart your sign in." It then either gets stuck between domain.com and subdomain.zendesk.com. (If in Incognito, it fails to connect, otherwise it may error out by other means or just end back in the same place.)

    Haven't tried Yao's recommendation yet, but regular Chrome works fine, it's currently at Version 79.0.3945.117 (Official Build) (64-bit) but will be updated to something else by the time I restart.

    I wouldn't mind a ticket to be kept in the loop. This is pretty critical, security is a big deal for us (as it should be for everyone). We can't have customers turning off security flags (for those tech savvy enough to even do that).
    0
  • Brett - Community Manager
    Zendesk Community Team

    Hey Abed,

    Thanks for the update! As requested, I have created a ticket on your behalf so you stay updated on our developer teams progress.

    Cheers!

    0

Please sign in to leave a comment.

Powered by Zendesk