Opened 3 years ago

Closed 3 years ago

#5836 closed defect (bug) (reported-upstream)

Prevent 3rd party cookies on Patterns directory

Reported by: jeremyfelt's profile jeremyfelt Owned by:
Milestone: Priority: normal
Component: General Keywords:


On the front page of the (very cool) patterns directory, one of the current patterns is the "Podcast Subscription Box". This loads in many assets from Spotify servers (,, as well as from, and results with cookies stored on the domain.

I haven't dug into it too much, but it may be that the iframe can be prevented from reading/writing cookies with the sandbox attribute.

(Ideally, IMO, not many assets would load on this page, but that may not be possible with how the blocks are injected.)

Maybe related: The Brave browser shows a notice that the page would like to install Google's Widevine DRM, which also seems like a strange requirement for this page.

Change History (1)

#1 @jeremyfelt
3 years ago

  • Resolution set to reported-upstream
  • Status changed from new to closed

I just realized there's a whole GitHub repo for this. Closing, sorry! :)

Note: See TracTickets for help on using tickets.