allow "requestStorageAccess" in sidebar application for secure cookie handling

Completed


Posted Feb 02, 2023

Our Zendesk Marketplace application ("Git-Zen") relies on cookies; since Zendesk places the app in an IFRAME, the cookies are designated as third-party.  Most browsers can handle this by allowing our domain in the browser settings; however, Safari (webkit) users do not have this as an option.

Current best practices dictate that document.requestStorageAccess() is used for this purpose (https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess); however, in order for this to be used, the "sandbox" attribute of the IFRAME must have the "allow-storage-access-by-user-activation" token included.  This token simply allows the user to decide whether cookies will be permitted for a specific purpose.

Aside from having this token added to the sandbox parameter, there is no other secure way to allow Safari/webkit users to make use of our system without requiring them to allow all third-party cookies, which is obviously something that they should not have to do.

This should be a very simple enhancement to put in place; is this something that is planned to be added, and/or what is the recommended practice for handling this scenario until this can be added (or instead of, if this is not something that Zendesk will add)?

Thank you!


1

17

17 comments

Sign in to leave a comment.

Didn't find what you're looking for?

New post