Open
Description
🚀 Feature Request
I'm trying to implement the new Partitioned flag for our backend's cookies (see https://developer.mozilla.org/en-US/docs/Web/Privacy/Guides/Privacy_sandbox/Partitioned_cookies).
With this I'm hoping to support Safari and upcoming cookie-blocking Chrome versions in the use case where our frontend runs on another domain than our backend (e.g. during e2e testing on preview builds).
My auth setup looks like this:
```js
await request.post(`${apiUrl}/latest/auth/login`, {
  data: {
    username: email,
    password,
  },
})
await request.storageState({ path: authFile })
```
But when the cookies come back with a Partitioned flag on them, this isn't represented in the authFile, so when I use this storageState in my tests I have two problems:
- Browsers that only send `Partitioned` cookies in cross-site requests won't send this auth cookie if the `apiUrl` is on a different domain than the frontend.
- When I try to log out in a test, the (empty, expired) cookie that comes back is `Partitioned`, but the auth cookie from the `storageState` is not `Partitioned`, so the browser thinks those cookies are not the same and keeps the auth cookie from the `storageState` instead of dropping it. I can solve this by removing both unpartitioned and partitioned cookies in my logout endpoint though.
Example
- Hit a login endpoint which uses `Partitioned` cookies to return an authentication token.
- Use `request.storageState({ path: authFile })` to persist the storage state, taking the `Partitioned` flag into account.
- Use the `storageState` test option to load the storage state, taking the `Partitioned` flag into account. The browser's cookie storage will now be the same as if I had done the authentication in each test without `storageState`.
Motivation
Without this, it's impossible to use `storageState` to accurately represent the actual browser behaviour when `Partitioned` cookies are in play.
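
The logout mismatch described in this issue, modelled as an added example; it is not Playwright code or the reporter's code. The jar, hosts, cookie name and token are constructed, and only the `Path`, `Max-Age` and `Partitioned` attributes are interpreted.

```javascript
// Minimal cookie jar whose storage key includes the partition (illustrative model).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   path: '/', partitioned: false, expired: false };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    switch (key.toLowerCase()) {
      case 'path': cookie.path = val; break;
      case 'partitioned': cookie.partitioned = true; break;
      case 'max-age': cookie.expired = Number(val) <= 0; break;
    }
  }
  return cookie;
}

class CookieJar {
  constructor(topLevelSite) { this.topLevelSite = topLevelSite; this.store = new Map(); }
  key(c, host) {
    // Partitioned cookies are additionally keyed by the top-level site.
    return [c.name, host, c.path, c.partitioned ? this.topLevelSite : ''].join('|');
  }
  put(c, host) {
    // An expired cookie only removes the entry stored under the same key.
    if (c.expired) this.store.delete(this.key(c, host));
    else this.store.set(this.key(c, host), c);
  }
  receive(header, host) { this.put(parseSetCookie(header), host); }
}

// Constructed sample values (hosts, cookie name and token are placeholders).
const API = 'api.example.test', SITE = 'https://preview.example.test';
const LOGIN = 'auth=tok123; Path=/; Secure; HttpOnly; SameSite=None; Partitioned';
const LOGOUT = 'auth=; Path=/; Max-Age=0; Secure; SameSite=None; Partitioned';
const LOGOUT_UNPARTITIONED = 'auth=; Path=/; Max-Age=0; Secure; SameSite=None';

// Log in, save the state (optionally dropping the flag), restore it into a fresh
// jar, then replay the logout headers. Returns how many cookies survive logout.
function cookiesLeftAfterLogout({ keepFlag, logoutHeaders }) {
  const saved = { ...parseSetCookie(LOGIN) };
  if (!keepFlag) saved.partitioned = false; // what a flag-unaware state file records
  const jar = new CookieJar(SITE);
  jar.put(saved, API);
  for (const h of logoutHeaders) jar.receive(h, API);
  return jar.store.size;
}
```

With the flag dropped, the partitioned logout cookie leaves the restored auth cookie in place; keeping the flag, or expiring both variants at logout as the reporter's workaround does, clears it.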