Opened 4 years ago
Closed 4 years ago
#5836 closed defect (bug) (reported-upstream)
Prevent 3rd party cookies on Patterns directory
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Component: | General | Keywords: | |
| Cc: | | | |
Description
On the front page of the (very cool) patterns directory, one of the current patterns is the "Podcast Subscription Box". This loads in many assets from Spotify servers (open.scdn.co, open.spotify.com, guc-spclient.spotify.com) as well as from sentry.io, and results in cookies stored on the open.spotify.com domain.
I haven't dug into it too much, but it may be that the iframe can be prevented from reading/writing cookies with the sandbox attribute.
(Ideally, IMO, not many non-wp.org assets would load on this page, but that may not be possible with how the blocks are injected.)
Maybe related: The Brave browser shows a notice that the wordpress.org/patterns page would like to install Google's Widevine DRM, which also seems like a strange requirement for this page.
I just realized there's a whole GitHub repo for this. Closing, sorry! :)