Guide to Third-Party Cookies in Glean

Major browsers like Safari, Firefox, and Chrome (including Chromium-based browsers like Edge) have added or are planning to add restrictions to third-party cookie usage. This change entails replacing third-party cookie usage patterns by web browsers with a new partitioned cookie type or blocking them entirely.

How Browsers are Handling Cookies?

Google Chrome has announced plans to move towards a more privacy-focused web environment with initiatives like the Privacy Sandbox, which aims to provide personalization while protecting user privacy. Google is planning to introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing, including (but not limited to) third-party cookie usage. Other Chromium-based browsers, like Microsoft Edge, are expected to follow the same pattern.

Mozilla Firefox and Apple’s Safari have already implemented strict third-party cookie blocking by default. Safari uses Intelligent Tracking Prevention (ITP) to block cookies used by advertisers to track users across sites, and Firefox uses a similar technology called Enhanced Tracking Protection (ETP).

Impact for Glean Customers

Since Glean is embedded on customers’ websites, it is classified as a third-party and this change can have an impact on critical workflows. Glean's embedded widgets and other functionalities rely on third-party cookies for authenticating users and these would be affected if third-party cookies are blocked.

Granting Glean Access to Third-Party Cookies

Glean has an inbuilt flow that requests the users for third-party cookie access if needed. You will see the following screen after login -

Glean 3P Cookie Access Request

To grant access, click on “Allow Cookies”. The following browser prompt is displayed next -

Browser 3P Cookie Access Prompt

Click on “Allow” to grant Glean access to third-party cookies. Subsequently, Glean will login successfully

FAQs

Q. I accidentally clicked on “Block” when the browser asked for access. How do I grant Glean access to third-party cookies now?

If you clicked on “Block” when the browser asked for third-party cookie access, any subsequent click on “Allow cookies” will automatically be rejected and you won’t see the prompt anymore. You can unblock yourself by manually granting Glean access to third-party cookies -

  • Click on the Cookie access icon icon in the top-right corner of the URL address bar
  • You will see the following prompt. Switch the glean.com toggle to “On” -

Allow Cookies Chrome

  • Click on “Allow Cookies” in the Glean UI
  • The login should complete successfully

Q. I did not see any prompt after clicking on “Allow Cookies” in the Glean UI. How do I unblock myself?

This can happen in one of the following cases -

  • The access was denied earlier by the user or the prompt was dismissed using the X icon multiple times. (Refer to question above to unblock)
  • The embedding iframe needs to satisfy the following -
    • If the iframe is not sandboxed, then there are no issues
    • If it is sandboxed, it needs to have the allow-storage-access-by-user-activation , allow-scripts and allow-same-origin strings as part of the sandbox attribute

Q. Will I need to manually grant Glean access to third-party cookies on domain-b.com if I’ve already granted access on domain-a.com ?

If you have given access to a Glean embedded widget when it is embedded under domain-a.com, it grants access only for that parent domain. If there is another domain-b.com that embeds Glean, you will need to provide access again.

The scope of access grant for the same domain (i.e. if you’ve given access to Glean embedded in domain-a.com , then how long does that access remain valid) varies from browser to browser -

  • Google Chrome (and other Chromium-based browsers) - For Google Chrome, the third-party access is given for the current user profile. A new user profile will require access to be granted again.
  • Firefox - For Firefox, the third-party access is given for the current user profile. A new user profile will require access to be granted again.
  • Safari - For Safari, the access is limited to the current browser tab i.e. if you open another tab with Glean embedded in domain-a.com , you will need to provide access again even though it was granted earlier for a different tab.