Allow "requestStorageAccess" in sidebar application for secure cookie handling
Posted Feb 02, 2023
Our Zendesk Marketplace application ("Git-Zen") relies on cookies; since Zendesk places the app in an IFRAME, the cookies are designated as third-party. Most browsers can handle this by allowing our domain in the browser settings; however, Safari (WebKit) users do not have this as an option.
Current best practices dictate that document.requestStorageAccess() is used for this purpose (https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess); however, in order for this to be used, the "sandbox" attribute of the IFRAME must have the "allow-storage-access-by-user-activation" token included. This token simply allows the user to decide whether cookies will be permitted for a specific purpose.
Aside from having this token added to the sandbox parameter, there is no other secure way to allow Safari/WebKit users to make use of our system without requiring them to allow all third-party cookies, which is obviously something that they should not have to do.
This should be a very simple enhancement to put in place; is this something that is planned to be added, and/or what is the recommended practice for handling this scenario until this can be added (or instead of, if this is not something that Zendesk will add)?
Thank you!
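An added example, not part of the original post and not Git-Zen's or Zendesk's code, sketching the flow the post describes: a host-side check that an iframe's sandbox value carries the token, and the embedded app's call to `document.requestStorageAccess()`. The function names and the `doc` parameter (which lets the logic run against constructed stubs outside a browser) are assumptions.

```javascript
// Added example. `doc` stands for the embedded app's document object.

// Host side: does an iframe's sandbox attribute value carry the token?
// null/undefined means the iframe has no sandbox attribute at all, so the
// sandbox does not restrict storage access requests.
function sandboxAllowsStorageAccess(sandboxValue) {
  if (sandboxValue == null) return true;
  // Sandbox tokens are whitespace-separated and case-insensitive.
  return sandboxValue.toLowerCase().split(/\s+/)
    .includes('allow-storage-access-by-user-activation');
}

// Embedded side: call this from a click or tap handler, because browsers
// reject requestStorageAccess() when there is no user gesture.
async function ensureStorageAccess(doc) {
  if (typeof doc.requestStorageAccess !== 'function') {
    return 'unsupported'; // browser without the Storage Access API
  }
  if (typeof doc.hasStorageAccess === 'function' && await doc.hasStorageAccess()) {
    return 'granted'; // cookies already available, no prompt needed
  }
  try {
    await doc.requestStorageAccess();
    return 'granted';
  } catch (err) {
    // Rejected: user declined, no user gesture, or the sandbox lacks the token.
    return 'denied';
  }
}

// Constructed stubs standing in for `document` in three situations.
const stubGranted = {
  hasStorageAccess: async () => false,
  requestStorageAccess: async () => {},
};
const stubBlocked = {
  hasStorageAccess: async () => false,
  requestStorageAccess: async () => { throw new Error('blocked'); },
};
const stubLegacy = {};
```

On a `'denied'` or `'unsupported'` result the app should fall back to a flow that does not depend on the cookie rather than retrying silently.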