Content
@
https://warpcast.com/~/channel/frames-v2
0 reply
0 recast
0 reaction
Daniel - Bountycaster
@pirosb3
How do cookies work in Frames V2? After authenticating a user with SIWF, I'm trying to set a session cookie but nothing seems to persist when testing in Warpcast's online debugger view
3 replies
0 recast
6 reactions
Sinaver
@sinaver.eth
not much about frame V2, but how cookies are stored/used in cross-request env like iframe: cookie should be passed with SameSite = none, otherwise browser will check if it's under same domain of the caller domain obviously, this makes it less secure because other websites can now use the cookie to make calls to your API, hence you need to limit API with proper CORS, so browser doesn't pass cookie unless the website in the list https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
2 replies
0 recast
0 reaction
Daniel - Bountycaster
@pirosb3
Really useful thanks. Do you set cookies on Payflow frames (V2)?
1 reply
0 recast
1 reaction
Sinaver
@sinaver.eth
yes, I don't think there is other option as of now, storing in local storage or session storage is not secure. You can also opt for Partioned attribute, which will add a parent (Warpcast) namespace for storing your embedded web app cookies, but I think it's not supported everywhere yet (and haven't tried it yet). There is also storage access API (like camera access permission but for cookies), but again experimental, and UX is worse.
1 reply
0 recast
1 reaction
Sinaver
@sinaver.eth
ah, "Partioned" is not supported in webView :( https://developer.mozilla.org/en-US/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies
0 reply
0 recast
0 reaction
