Greetings,
I have questions regarding ITP 2.3 and CNAME subdomains.
Our portal offers interoperability between multiple health care platforms through an iframe. In the current situation, all of the parties that integrate with our platform host their applications via a DNS CNAME record that is owned by our shared customer (let's say: customer.com). This means our applications also use CNAMEs. As we all share the same parent domain, I'd expect Safari to not use ITP as they should be handled like first-party cookies.
ITP is blocking specific subdomains though. This is a simplified version of our current situation:
I tried to get more information on why the cookie gets blocked, but unfortunately the ITP debug mode doesn't show any logs on why the cookie is blocked.
So I'd love to know if ITP is expected to kick in for the above scenario. And if so, why? And are there any good documents on exactly when Safari handles a cookie as a third-party cookie?
As well, are there any suggestions on what to do when the ITP debug mode doesn't give any informative logs? I don't receive logs in the console nor in the kernel (log stream -info | grep ITPDebug).
Thanks in advance,
Joris
P.S. I understand that implementing the Storage Access API is the offered solution. But we currently choose this approach as we think the Storage Access API is quite disruptive UX-wise as there is no "always allow" option (yet?) and our users go to a lot of different hosts.
I have questions regarding ITP 2.3 and CNAME subdomains.
Our portal offers interoperability between multiple health care platforms through an iframe. In the current situation, all of the parties that integrate with our platform host their applications via a DNS CNAME record that is owned by our shared customer (let's say: customer.com). This means our applications also use CNAMEs. As we all share the same parent domain, I'd expect Safari to not use ITP as they should be handled like first-party cookies.
ITP is blocking specific subdomains though. This is a simplified version of our current situation:
portal.customer.com CNAME portal.supplierA.com
app1.customer.com CNAME app.supplierA.com ✅
app2.customer.com CNAME app.supplierB.com ❌
I tried to get more information on why the cookie gets blocked, but unfortunately the ITP debug mode doesn't show any logs on why the cookie is blocked.
So I'd love to know if ITP is expected to kick in for the above scenario. And if so, why? And are there any good documents on exactly when Safari handles a cookie as a third-party cookie?
As well, are there any suggestions on what to do when the ITP debug mode doesn't give any informative logs? I don't receive logs in the console nor in the kernel (log stream -info | grep ITPDebug).
Thanks in advance,
Joris
P.S. I understand that implementing the Storage Access API is the offered solution. But we currently choose this approach as we think the Storage Access API is quite disruptive UX-wise as there is no "always allow" option (yet?) and our users go to a lot of different hosts.