allow "requestStorageAccess" in sidebar application for secure cookie handling

완료

17 댓글

  • Eric Nelson
    Zendesk Developer Advocacy
    Hey there,

    This is a great question, I've passed it along to our product team and will let you know what they say in the coming days.

    Thanks!
    2
  • Acenerate Support

    Thanks Eric!

    1
  • Zach Anthony
    Zendesk Product Manager

    Hi there,

    Thanks for the feedback. Support for this permission to be provided to apps is not currently on our roadmap, but it is something I'm happy to take on board to investigate the feasibility of. It would be great to understand though, what type of information are you storing in cookies for your app? 

    1
  • Acenerate Support

    Thank you Zach!  It is simply our authentication cookie; the cookie maintains session for our users within the application.

    1
  • Nick Meisenheimer

    Hi Eric Nelson Zach Anthony I just want to chime in on this request and say that the changes to 1st part cookie storage rules have more or less locked our team into using Firefox with some essential internal tooling we developed for Zendesk.

    We'd love for this permission to be added to the sandbox property for iframes, even if it's just available for private apps.

    Given that the request itself requires 1) user interaction, 2) some kind of consent to move forward I feel as though the inclusion of the permission is fairly safe. Especially when you couple it with CORS restrictions.

    I've escalated our request to our AE Sara Baca but would love the opportunity to discuss this further as we've got a build waiting to be deployed as a private app that is just waiting on these permissions.

    0
  • Zach Anthony
    Zendesk Product Manager

    Hi Nick, thanks for reaching out. Enabling apps to be able to use the Storage Access API has been logged as a feature request. While it hasn't been prioritized as yet, I will co-ordinate with your account executive to discuss further how we might be able to expedite this, since it has become a blocker for your private app deployment

    1
  • Nick Meisenheimer

    Thanks Zach Anthony - looking forward to it

    0
  • Benoit

    Hi  Zach Anthony, where can I follow progress on this?
    It is also an issue for our private application. Users will be able to manually work around it in some browsers, but this is not ideal.

    Regards
    Benoit

    0
  • Zach Anthony
    Zendesk Product Manager

    Hey Benoit, I understand that it's been a little while since I last updated this thread. I'll be sure to come back to this thread and provide an update when I have some progress to share. At this stage we're currently working through our internal processes to assess the implications of enabling this permission for app developers.

     

    1
  • Megumi Nakamura

    Hello Zach, I'd like to know when the "allow-storage-access-by-user-activation" is added to the iframe sandbox attribute. Is it already scheduled?

    0
  • Zach Anthony
    Zendesk Product Manager

    Hi Megumi, apologies for the lack of updates on this post. This has been on our backlog for some time, however we are planning to actively work on this in the current quarter

    0
  • Megumi Nakamura

    Hi Zach, Thanks for update! Please let us know if the schedule fixed. Thank you.

    0
  • Megumi Nakamura

    Hi Zach Anthony 

    Is there any update to this issue?

    I'd like to know how we have to take action to Chrome 3rd party cookie phase out.

    https://developer.chrome.com/en/docs/privacy-sandbox/third-party-cookie-phase-out/

    0
  • Zach Anthony
    Zendesk Product Manager

    Hi Megumi, we're in the final stages of testing and plan to release this in the coming weeks. With respect to Google's Privacy Sandbox initiative, however, from what we have understood:

    Hope this helps!

    0
  • Megumi Nakamura

    Thanks Zach

    0
  • Megumi Nakamura

    I found "allow-storage-access-by-user-activation" is already allowed at iframe of Zendesk app.

    Thank you.

    0
  • Zach Anthony
    Zendesk Product Manager

    It turns out that we did in fact release support for this today, hope this helps with everyone's use cases.

    0

댓글을 남기려면 로그인하세요.

Zendesk 제공