π‘ Read "First-Party Sets testing instructions" for more detail!
This demo will show you how to set up First-Party Sets, requestStorageAccess()
, and requestStorageAccessForOrigin()
in Chrome for local testing. This site will attempt to set a number of same-site and cross-site cookies to run through the different functionality.
1β£ [β¦] Chrome 108 or higher required.
2β£ Launch Chrome with the following command line arguments:
google-chrome \ --enable-features="FirstPartySets:FirstPartySetsClearSiteDataOnChangedSets/1,StorageAccessAPI,StorageAccessAPIForOriginExtension,PageInfoCookiesSubpage,PrivacySandboxFirstPartySetsUI" \ --use-first-party-set="{\"primary\": \"https://first-party-sets.glitch.me\", \"associatedSites\": [\"https://fps-member-1.glitch.me\"]}" \ https://first-party-sets.glitch.me/
Note: Command line arguments must be passed exactly as isβit's pretty picky! You can find an explanation of the flags in the accompanying developer article.
3β£ [β¦] document.requestStorageAccess()
available.
4β£ [β¦] document.requestStorageAccessForOrigin()
available.
5β£ In Chrome settings, go to Privacy and Security β Cookies and other site data or chrome://settings/cookies
. Under General settings ensure that Block third-party cookies is enabled and the sub-option Allow related sites to see your activity in the group is also enabled.
6β£ [TEST] Third-party cookies are blocked.
7β£
Demo cookies are set.Check Set-Cookie: sameSite=[timestamp]; Path=/; Secure; SameSite=Lax
:
Check Set-Cookie: crossSite=[timestamp]; Path=/; Secure; SameSite=None
:
This site first-party-sets.glitch.me
is the primary member of set. fps-member-1.glitch.me
is a member of that set.