Third-Party Cookies Chrome Phaseout

kjib · December 18, 2023, 7:47am

When testing for the Third-Parth Cookies Phasehout which Chrome announced (https://developers.google.com/privacy-sandbox/3pcd), I noticed that the cookies are not being send to our API.

What I’m trying is:

We authorize via t.authorize with our endpoint, which works

When trying to go to card-buttons and make an API call to our app (via ajax), we get an unauthrized warning from our app, since the cookies are missing in the request.

When I disable the Chrome Flag which I enabled for testing and I make a request, it works and I’m authenticated by my API and I do see the cookies in the request.

AllenBierbaum · January 21, 2024, 2:56pm

This seems like it will break all Trello powerups. Am I missing something, is there a workaround in development right now?

RobinWarren1 · January 23, 2024, 11:57am

Take a look at Trello’s JWT implementation t.jwt(opts)
This lets you secure comms between your power-up and your server by passing the JWT from Trello, which you can then validate on your server. This can let you then match the Trello user to a user in your tool.