iframe
, so any cookies your site
attempts to set are considered as third-party
cookies.
In order for your site to be able to set cookies that are compatible with the
Makeswift Visual Builder, you may need to include certain attributes.
Minimum Attributes
In order for a third-party cookie to be set, you’ll need to specify theSameSite=None;
and Secure;
attributes
on your cookie.
For example, let’s say your site attempts to set a cookie client-side using
document.cookie
:
SameSite=None;
and Secure;
:
Set-Cookie
header. For example, you may be using the cookies()
API from
Next.js:
Set-Cookie
header string on your response header, you
can follow the same conventions as the client-side cookie string.
Partitioned Cookies (CHIPS)
Nearly all major browsers have plans to fully deprecate third-party cookies in the near future. As a workaround, the Cookies Having Independent Partitioned State (CHIPS) spec was introduced. Partitioned cookies are keyed by both the domain of the third-party site that set them and the top-level site in which they were set. In Makeswift, your site is the one setting the cookie, and the top-level site would be the Visual Builder,app.makeswift.com
. This means that any cookies set by
your site within the builder are scoped to the builder!
To achieve this functionality, simply add a Partitioned;
attribute whenever
you set your cookies. Using our client-side example from above:
cookies()
example:
Safari
Since Safari still does not currently support partitioned cookies, the recommended way to have full cookie functionality within the builder is to follow our guide to disable cross-site tracking prevention when using our editor.Cookies by other libraries
It’s also possible that you’re using an external package that sets its own cookies. For example, middleware from thenext-intl
package will attempt to set
cookies for detected locales. For such cases, we recommend checking the docs of
these tools to see if they allow for cookie attribute configuration. Continuing
the next-intl
example, we see that their APIs offer
customization of their locale
detection cookie.
If the third-party package you’re using does not permit modifying cookie
attributes, you may still be able to patch them retroactively using the Next.js
cookies()
API (if the cookies are set server-side), or by manually writing
cookies with the appropriate attributes client-side. Whenever you make changes
to how external packages set cookies, make sure to test that the cookie
attribute changes don’t impact the security or functionality of your cookies on
your live site.