Our Zendesk Marketplace application ("Git-Zen") relies on cookies; since Zendesk places the app in an IFRAME, the cookies are designated as third-party. Most browsers can handle this by allowing our domain in the browser settings; however, Safari (webkit) users do not have this as an option.
Current best practices dictate that document.requestStorageAccess() is used for this purpose (https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess); however, in order for this to be used, the "sandbox" attribute of the IFRAME must have the "allow-storage-access-by-user-activation" token included. This token simply allows the user to decide whether cookies will be permitted for a specific purpose.
Aside from having this token added to the sandbox parameter, there is no other secure way to allow Safari/webkit users to make use of our system without requiring them to allow all third-party cookies, which is obviously something that they should not have to do.
This should be a very simple enhancement to put in place; is this something that is planned to be added, and/or what is the recommended practice for handling this scenario until this can be added (or instead of, if this is not something that Zendesk will add)?
Please sign in to leave a comment.