[wp-meta] [Making WordPress.org] #5836: Prevent 3rd party cookies on Patterns directory
Making WordPress.org
noreply at wordpress.org
Wed Jul 21 23:25:37 UTC 2021
#5836: Prevent 3rd party cookies on Patterns directory
------------------------+--------------------
Reporter: jeremyfelt | Owner: (none)
Type: defect | Status: new
Priority: normal | Milestone:
Component: General | Keywords:
------------------------+--------------------
On the front page of the (very cool) patterns directory, one of the
current patterns is the "Podcast Subscription Box". This loads in many
assets from Spotify servers (open.scdn.co, open.spotify.com,
guc-spclient.spotify.com) as well as from sentry.io, and results in cookies
stored on the open.spotify.com domain.

I haven't dug into it too much, but it may be that the iframe can be
prevented from reading/writing cookies with the `sandbox` attribute.
(Ideally, IMO, not many non-wp.org assets would load on this page, but
that may not be possible with how the blocks are injected.)

Maybe related: The Brave browser shows a notice that the
wordpress.org/patterns page would like to install Google's Widevine DRM,
which also seems like a strange requirement for this page.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/5836>
Making WordPress.org <https://meta.trac.wordpress.org/>
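
An added example, not code from the ticket or from WordPress.org: a Python audit that lists the non-first-party iframes in pattern markup and reports whether each carries a `sandbox` attribute and whether `allow-same-origin` is among its tokens (without that token the framed document gets an opaque origin, so its scripts cannot read or write the embed origin's cookies or storage). The sample markup, the `FIRST_PARTY` list and the function names are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: only wordpress.org and its subdomains count as first party.
FIRST_PARTY = ("wordpress.org",)

def is_first_party(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in FIRST_PARTY)

class IframeAudit(HTMLParser):
    """Collects (host, verdict) for every iframe loading a non-first-party URL."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)  # HTMLParser lower-cases attribute names
        host = urlsplit(a.get("src") or "").hostname
        if host is None or is_first_party(host):
            return  # relative, srcdoc and first-party frames are out of scope
        if "sandbox" not in a:
            verdict = "unsandboxed"
        else:
            tokens = (a["sandbox"] or "").lower().split()
            # allow-same-origin keeps the embed's real origin, and with it
            # script access to that origin's cookies and storage.
            verdict = "same-origin" if "allow-same-origin" in tokens else "opaque-origin"
        self.findings.append((host, verdict))

def audit(markup):
    parser = IframeAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings

# Constructed sample markup (not the real pattern source).
SAMPLE = """
<figure><iframe src="https://open.spotify.com/embed/show/EXAMPLE"></iframe></figure>
<iframe src="https://open.spotify.com/embed/show/EXAMPLE"
        sandbox="allow-scripts allow-same-origin"></iframe>
<iframe src="https://open.spotify.com/embed/show/EXAMPLE" sandbox="allow-scripts"></iframe>
<iframe src="https://wordpress.org/patterns/"></iframe>
<IFRAME SRC="//open.spotify.com/embed/EXAMPLE" SANDBOX></IFRAME>
"""

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE):
        print(f"{host:20} {verdict}")
```

The audit only describes script-level isolation of the frame; a sandboxed iframe still issues its network requests, so the third-party asset loads the ticket lists are a separate question.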