Our site (philcon registration site) uses the web-payments-sdk to get a credit card token. It works just fine in most browsers, but firefox is now enforcing partitioning causing the payment form not to display with the following javacript errors:
Partitioned cookie or storage access was provided to “Square JS"…” because it is loaded in the third-party context and dynamic state partitioning is enabled.
Note: our server is running Linux/Apache, and the client works just find for any browser it seems but Firefox.
From searching around it looks like this is happening cause of Dynamic State Partitioning enabled.
- With Dynamic State Partitioning enabled, Firefox provides embedded resources with a separate storage bucket for every top-level website. Embedded third-parties may request access to the top-level storage bucket via the Storage Access API. You can also disable Dynamic State Partitioning with the
If you change the settings does it work as expected?
Yes, the customer can enter our site into an exception list in their Firefox settings to allow this one site to work, but that requires the person attending our convention to know this in advance and add it to the ’settings’ as an exception to tracking. But we are not ’tracking’ them, but instead trying to get the iframe to work,
There has to be a better way to deal with this than telling each customer to modify their browser configuration and explaining to them why it’s needed. (For now we put a message up on the website to not use Firefox), but that’s not the best answer either.
I didn’t see anything along the lines of how to deal with “network.cookie.cookieBehavior”. And that seems to be several years ago and this is a newer thing than that.
Do you know if this is the default browser behavior? Or have the intentionally upped the security of the browser?
A customer contacted me, I didn’t know of it before yesterday. I installed Firefox on my computer to try it, changed nothing out of the box, and it failed, I used ‘dev mode’ to capture the console tries, which the forum would not let me enter in full (422 error).
So yes, it’s ’the default behavior.
Hmm, I just downloaded a Firefox not having it on my computer previously and it rendered the form fields just fine. There is a warning in the console but it didn’t stop the form from rendering. I’m going to reach out to the team.
Now that I’m seeing this this is a warning. Is yours showing as an error? I don’t think this warning is actually blocking the form from loading. Is the site hosted so we can take a look?
In an I-frame?
Perhaps I’m not using it right, but it’s what.I copied from the example….
The credit card block is hidden until you enter a membership that requires payment, because some of our transactions are $0.00, and you can’t process a credit card for that, so you need to fill in the ‘blue model window’ with a data in all the *’d fields, anything will work except the email will be in the format of an email address. Then you can go back to the beige page underneath to see the payment block.
As long as you don’t actually click ‘purchase’ no data is sent to us, so you won’t hurt our database or share any data with us. It all runs locally in the browser up to that point.
It worked out of the box for me. It did have the warning but it works. Does the customer have any ad for cookie blockers?
I’m going to try again for me, and see, I got an error the first time, let me look.
Ok, now it works for me, too. I don’t know. I’ll remove the warning from the website.