id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
34613	add support for Partitioned cookies	Oleg Korsak	Kentaro Jay Takahashi	"Hi.

I'm having issues with Django app in Chrome. It is working as a standalone and embedded into IFRAME in another system. Users tend to open both ways in tabs. At some point they manage to overwrite (like re-login) cookies with session id and csrf token in one tab, but Chrome overwrites them for another one as well, while opened IFRAME has an old CSRF token in HTML. So next request fails. No issues in Firefox.


I've found following explanation:

https://developer.chrome.com/docs/privacy-sandbox/chips/

https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/


So Firefox separates such cookies by default. While Chrome needs server to set a ""Partitioned"" flag for cookies. But... Django is unable to do so due to using standard Python Morsel cookie class, which doesn't support it."	New feature	assigned	HTTP handling	4.1	Normal		chips, cookies, csrf, partitioned	Michael Wheeler Markus Holtermann Alex Gaynor Colin Murtaugh Adam Johnson	Accepted	1	0	0	1	0	0