IssueTracker

Thanks for the report and screenshots. I can't reproduce this because I don't have a moneyguidepro.com account, but the steps in the PDF help illustrate the issue.

Mike, could you confirm if this issue is fixed when the top-level site is added to "Sites allowed to use third-party cookies" in chrome://settings/cookies? (Looks like that would be [*.]pietech.com in your example)

Thanks for the instructions, I was able to reproduce the issue.

Because this flow happens in a popup, there is a chance this will be mitigated by 3PCD heuristics (https://github.com/amaliev/3pcd-exemption-heuristics/blob/main/explainer.md). I'm having trouble testing the effect right now, but the final heuristics behavior should be launched in the next few weeks.

For now, it looks like you're signing up for the deprecation trial - I would recommend continuing this process to ensure this is fully mitigated in the short term.

@johannhof FYI it looks like this embed is using client credentials, this might be another use case for treating them as user intent.

My bad, flipped the Status and assigned to the hotlist for handling the DT requests. Thanks!

Hi Mike, I hope your DT integration went well. Have you thought about long term API based solutions to this? If https://www.moneyguidepro.com is usually visited and logged into by users in a top-level context as well as the embedded context you've shown, then there are a few options:

• You could use the Storage Access API to request access to third-party cookies
• You could replace your login step with FedCM as a native login UI

If this is not the case, you might want to consider switching to a popup based authentication instead of requiring an in-frame login, this will allow you to leverage the heuristics Anton mentioned and also open up the option of using the two APIs mentioned above.