In a significant move towards enhancing user privacy, major web browsers are on a trajectory to deprecate support for third-party cookies to limit cross-site tracking. This shift has notable implications for developers of Front custom plugins or third-party integrations that rely on third-party cookies for authentication and other functionalities. Understanding this transition is crucial to ensure the continued seamless operation of your plugins once third-party cookies are fully deprecated.
Google's Countdown to Q1 2025
Google has made clear its intent to fully deprecate third-party cookies in Chrome browsers by Q1 2025 (originally Q3 2025). If your current plugins use third-party cookies, you will have to adapt them by end of year to avoid loss of functionality in Chrome. This deprecation impacts any user on Chrome-based browsers and the Front desktop app. For more details on Google's deprecation timeline, refer to their official blog post and their website.
Safari and Mozilla: Joining the Privacy Bandwagon
Google is not alone in this endeavor, nor is it the first to do so. Apple and Mozilla have already taken steps to limit or deprecate third-party cookies in their browsers. The Safari and Firefox browsers have a long-standing commitment to privacy and have been progressively implementing measures to curtail tracking and data collection. Google’s third-party cookie deprecation does not affect these browsers since they have already been enforcing this type of privacy measure.
The Implications for Front Plugins
For developers working on Front plugins that currently rely on third-party cookies, it's imperative to adapt to the evolving landscape as soon as possible. Authentication and various plugin features may be affected if your plugin was built to leverage third-party cookies. Front has never recommended nor required that plugins use third-party cookies, but we haven’t prevented the use of them either. This means that your plugin code might rely on third-party cookies and be susceptible to this deprecation.
You can determine whether your plugin uses third-party cookies by auditing your code for cookies set to SameSite=None as explained by Google. If you identify third-party cookies, you will have to modify your code so that your plugin no longer relies on them.
The Recommended Paradigm: Partitioned Cookies (CHIPS) and the Storage Access API
Front suggests exploring Partitioned Cookies, also known as CHIPS, or the Storage Access API to replace third-party cookies on Chrome browsers. These paradigms provide privacy-preserving alternatives that align with the changing standards of browser behavior, allowing third-party services to set cookies while preventing cross-site tracking of those cookies.
- CHIPS: This solution does not require end user interaction. It is useful if the third party cookie does not need to be shared across third-party contexts (you only need to set a third-party cookie in Front).
We recommend the following guide to learn about CHIPS:
Mozilla's Guide to Partitioned Cookies (CHIPS)
Example: You can refer to a Next.js example for setting partitioned cookies for Google Sign In in our Developer Q&A.
Note that Firefox and Safari support the CHIPS protocol (which was designed for the Chrome cookie deprecation) in their own ways. Firefox partitions all third-party cookies by default. Safari will simply ignore the instructions to partition the cookies. There is a discussion about what these browsers have implemented and how you might handle their policies on the CHIPS GitHub page. - Storage Access API: This solution requires the end user to opt in to a prompt and grant access to third-party cookies. It is useful if the cookie needs to be shared across third-party contexts, such as cookies that need to be set for authentication, preferences, or other personalization features.
We recommend the following guide to learn about the Storage Access API:
Storage Access API
The Storage Access API has broad browser compatibility support. Front plugins include theallow-storage-access-by-user-activationattribute in the iframe to allow you to use therequestStorageAccesscall from within your plugin. Doing so enables you to request third-party cookies from the plugin.
Front's Ongoing Evaluation and Future Recommendations
Front is monitoring the evolving landscape of browser privacy measures and is actively evaluating the impact of third-party cookie deprecation on Front plugins. As part of our commitment to supporting developers, we will share updated recommendations as we gain new insights and navigate the changing terrain of web standards.