Making WordPress.org

Opened 4 months ago

Closed 4 months ago

#5836 closed defect (reported-upstream)

Prevent 3rd party cookies on Patterns directory

Reported by: jeremyfelt
Owned by:
Milestone:
Priority: normal
Component: General
Keywords:


On the front page of the (very cool) patterns directory, one of the current patterns is the "Podcast Subscription Box". This loads in many assets from Spotify servers (open.scdn.co, open.spotify.com, guc-spclient.spotify.com) as well as from sentry.io, and results in cookies stored on the open.spotify.com domain.

I haven't dug into it too much, but it may be that the iframe can be prevented from reading/writing cookies with the sandbox attribute.

(Ideally, IMO, not many non-wp.org assets would load on this page, but that may not be possible with how the blocks are injected.)

Maybe related: The Brave browser shows a notice that the wordpress.org/patterns page would like to install Google's Widevine DRM, which also seems like a strange requirement for this page.
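
The sandbox idea raised in the description can be checked mechanically. The following is an added example, not part of the ticket or of any WordPress.org code: it scans pattern markup for third-party iframes and classifies each by whether the framed document keeps its own origin (and with it script access to `document.cookie`). `FIRST_PARTY`, the sample markup, the embed path and all function names are assumptions made for illustration; the check says nothing about cookies exchanged in HTTP headers.

```javascript
// Added example; FIRST_PARTY, SAMPLE and the function names are constructed here.
const FIRST_PARTY = "wordpress.org";

// Constructed pattern markup: three third-party frames and one first-party frame.
const SAMPLE = `
<figure class="wp-block-embed"><iframe src="https://open.spotify.com/embed/CONSTRUCTED" width="100%"></iframe></figure>
<iframe sandbox="allow-scripts allow-same-origin" src="https://open.spotify.com/embed/CONSTRUCTED"></iframe>
<iframe SANDBOX='allow-scripts' src="https://open.spotify.com/embed/CONSTRUCTED"></iframe>
<iframe src="/patterns/preview/1"></iframe>`;

// Turn the attribute text of one opening tag into { name: value }.
function parseAttrs(text) {
  const attrs = {};
  const re = /([^\s"'=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"']+)))?/g;
  for (const m of text.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

function isThirdParty(host) {
  return host !== FIRST_PARTY && !host.endsWith("." + FIRST_PARTY);
}

// Report every third-party iframe and what its sandbox attribute allows.
function auditFrames(html, pageUrl) {
  const findings = [];
  const tagRe = /<iframe\b((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
  for (const [, attrText] of html.matchAll(tagRe)) {
    const attrs = parseAttrs(attrText);
    if (!attrs.src) continue;
    let url;
    try { url = new URL(attrs.src, pageUrl); } catch { continue; }
    if (!/^https?:$/.test(url.protocol) || !isThirdParty(url.hostname)) continue;
    let verdict = "no-sandbox"; // frame document runs with its real origin
    if ("sandbox" in attrs) {
      const tokens = attrs.sandbox.toLowerCase().split(/\s+/).filter(Boolean);
      verdict = tokens.includes("allow-same-origin")
        ? "keeps-origin"   // sandboxed, but script can still use document.cookie
        : "opaque-origin"; // document.cookie access throws inside the frame
    }
    findings.push({ host: url.hostname, verdict });
  }
  return findings;
}

console.log(auditFrames(SAMPLE, "https://wordpress.org/patterns/"));
```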

Change History (1)

#1 @jeremyfelt
4 months ago

  • Resolution set to reported-upstream
  • Status changed from new to closed

I just realized there's a whole GitHub repo for this. Closing, sorry! :)
