Making WordPress.org

Opened 4 months ago

Closed 4 months ago

#5836 closed defect (reported-upstream)

Prevent 3rd party cookies on Patterns directory

Reported by: jeremyfelt
Owned by:
Milestone:
Priority: normal
Component: General
Keywords:
Cc:

Description

On the front page of the (very cool) patterns directory, one of the current patterns is the "Podcast Subscription Box". This loads in many assets from Spotify servers (open.scdn.co, open.spotify.com, guc-spclient.spotify.com) as well as from sentry.io, and results in cookies stored on the open.spotify.com domain.

I haven't dug into it too much, but it may be that the iframe can be prevented from reading/writing cookies with the sandbox attribute.

(Ideally, IMO, not many non-wp.org assets would load on this page, but that may not be possible with how the blocks are injected.)

Maybe related: The Brave browser shows a notice that the wordpress.org/patterns page would like to install Google's Widevine DRM, which also seems like a strange requirement for this page.
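
The sandbox idea raised in the description can be checked mechanically. The JavaScript below is an added example, not code from the ticket or from the Patterns directory: it flags third-party iframes whose `sandbox` attribute is missing or includes `allow-same-origin`, since only without that token does the framed document get an opaque origin with no script access to its cookies or storage. The first-party list, function names and sample markup are assumptions constructed for illustration.

```javascript
// Added example: constructed inputs, not taken from the Patterns directory.
const PAGE_URL = "https://wordpress.org/patterns/"; // page named in the ticket
const FIRST_PARTY = ["wordpress.org"];              // assumed first-party list

// Constructed sample markup; the embed paths are placeholders.
const SAMPLE = `
<iframe src="https://open.spotify.com/embed/show/EXAMPLE" width="100%"></iframe>
<iframe src="https://open.spotify.com/embed/show/EXAMPLE" sandbox="allow-scripts allow-same-origin"></iframe>
<iframe src='https://open.spotify.com/embed/show/EXAMPLE' SANDBOX="allow-scripts"></iframe>
<iframe src="/patterns/preview/1" title="first-party preview"></iframe>`;

function isFirstParty(host) {
  return FIRST_PARTY.some((d) => host === d || host.endsWith("." + d));
}

// Parse the attributes of one start tag (simplified: no ">" inside values).
function parseAttrs(raw) {
  const attrs = {};
  const re = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+)))?/g;
  for (const a of raw.matchAll(re)) {
    attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
  }
  return attrs;
}

// Return one finding per third-party iframe, with its sandbox status:
//   no-sandbox    - frame runs with its real origin, unrestricted
//   keeps-origin  - sandboxed, but allow-same-origin restores its real origin
//   opaque-origin - sandboxed without allow-same-origin
function auditIframes(html) {
  const findings = [];
  for (const m of html.matchAll(/<iframe\b([^>]*)>/gi)) {
    const attrs = parseAttrs(m[1]);
    if (!attrs.src) continue; // srcdoc or empty frames are out of scope here
    let host;
    try { host = new URL(attrs.src, PAGE_URL).hostname; } catch { continue; }
    if (isFirstParty(host)) continue;
    let status = "no-sandbox";
    if ("sandbox" in attrs) {
      // Sandbox keywords are whitespace-separated and case-insensitive.
      const tokens = attrs.sandbox.toLowerCase().split(/\s+/).filter(Boolean);
      status = tokens.includes("allow-same-origin") ? "keeps-origin" : "opaque-origin";
    }
    findings.push({ host, status, src: attrs.src });
  }
  return findings;
}

for (const f of auditIframes(SAMPLE)) console.log(f.status, f.host, f.src);
```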

Change History (1)

#1 @jeremyfelt
4 months ago

  • Resolution set to reported-upstream
  • Status changed from new to closed

I just realized there's a whole GitHub repo for this. Closing, sorry! :)
