On Tue, Mar 19, 2013 at 6:38 AM, Seb35 <seb35wikipe...@gmail.com> wrote: > According to [1] and [2], Firefox 22 (release June 25, 2013) will change the > default third-party cookie policy: a third-party cookie will be authorized > only if there is already a cookie set on the third-party website. > > This would break most of the automatic login on sister projects on Wikimedia > websites, since the page just after the log in will no more set cookies of > sister projects, and you will have to manually log in to each domain (of > level wikipedia.org, not of level de.wikipedia.org) -- I tested with Firefox > 16. > > What could be done to mitigate this effect? According to [1] Safari already > have this policy; is there some workaround already in place for Safari > users? I don’t see other solutions than displaying some warning to the > Firefox/Safari users (via JavaScript).
We're already seeing this on mobile (especially with Safari). Definitely needs fixing... Putting a login cookie on a central site and fetching some kind of token over a CORS request might work... but I'm not sure how "fun" this is going to be to fix. :P -- brion _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
