Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It breaks things like "sign-in with github credentials" in CIs. But you know, these should be exceptional, therefore the default should be to load third-party content without cookies. The problem is that some content is loaded without your having to click on something (where you'd have a chance to right-click and request loading with selected credentials).


Not necessarily: OAuth Basic Flow does not require third-party cookies. With Basic Flow, you'd get redirected to github.com, making it a first party request. Github will then redirect you back passing an authentication code as a URL parameter.


I use uMatrix for this purpose, and to block third-party frames to defend against clickjacking. That said, Multi-Account Containers still are very useful.


I’ve been blocking third-party cookies for years and using OAuth authentication in several places. Don’t remember ever having an issue.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: