292975 2025-05-14 00:29:09 -0700 Partitioned cookies not working in Safari 18.5 2026-01-12 01:32:47 -0800 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED CONFIGURATION CHANGED https://bugs.webkit.org/show_bug.cgi?id=293618 InRadar P2 Normal --- 1 yoav webkit-unassigned amodpandey annevk dara.hak helhum hermans.je isoengas jsminted+bugzilla katyayani.reddy kenner1 lcswillems m_finkel natewiebe13 ntim osku.tervonen ozan ramzabdae rshan181818 sarjupatel tome tom webkit-bug-importer webkit.org wilander oldest_to_newest 2116976 0 yoav 2025-05-14 00:29:09 -0700 Reproduction test case: https://chips-site-a.glitch.me Partitioned cookies worked in 18.4 and stopped working somewhere between that and 18.5 Trying to (manually) bisect, I see they already weren't working in 286403, the last commit of STP 208. (Earlier archived builds are unrelatedly crashing on my machine) 2117025 1 wilander 2025-05-14 06:59:44 -0700 Hi, Yoav, and thanks for filing! We unfortunately had to turn CHIPS off due to a serious bug that was too complex to address in the software update. The bug is not in WebKit. We don’t know right now when we’ll be able to turn it back on. Sorry about that. 2117126 2 yoav 2025-05-14 12:24:04 -0700 Thanks for the update! 2117618 3 jsminted+bugzilla 2025-05-16 08:24:51 -0700 Hey! Was about to report this same or similar issue. It seems that with partitioned cookies turned off, cookies that are partitioned are getting entirely rejected (instead of being set without partitioning as was the previous experience). Interestingly, they seem to get still get set when the dev tools are open making this very tricky to debug. 2118604 4 webkit-bug-importer 2025-05-21 00:30:14 -0700 <rdar://problem/151755274> 2119075 5 ozan 2025-05-22 14:01:36 -0700 How is this labeled as a 'normal' severity bug? Is this how things usually done now ? This has potential to collapse most of the integrations done on some major industries. Are we just going to say that some guy at developing webkit handicapped cookies so bear with us ? This place needs a Linus Torvalds.... 2119081 6 wilander 2025-05-22 14:21:51 -0700 CHIPS was enabled in our .4 releases and disabled in .5 due to a serious bug. Partitioned cookies with CHIPS are opt-in. 2119083 7 jsminted+bugzilla 2025-05-22 14:26:04 -0700 Unfortunately disabling CHIPS in .5 blocks any partitioned cookie from being set now. Previous to .4 they would still be set, but as if they were not partitioned. Our workaround at the moment is to detect safari and explicitly not set partitioned cookies. 2119084 8 jsminted+bugzilla 2025-05-22 14:27:50 -0700 I do really appreciate CHIPS being brought to Safari, though! Hope it gets re-enabled soon! 2119101 9 ozan 2025-05-22 15:05:23 -0700 3rd party iframes that previously functioned correctly using partitioned cookies are now failing entirely. Users are unable to log in to embedded content. This is not a minor issue. These integrations were stable and compliant in Safari .4, and if memory serves, the adoption of partitioned cookies followed Safari’s own guidance at the time. With the release of .5 and CHIPS being disabled (and kneecapping partitioned cookies all together), we’re now forced to re-architect authentication flows under pressure. This introduces sudden instability to systems used by millions. The lack of partitioned cookie support in Safari .5 has widespread consequences that go far beyond a typical regression. I kindly urge webkit team to treat this issue with appropriate severity. Any assistance from staff cc'd on this thread in helping escalate or clarify the timeline would be greatly appreciated. ----------------------- >To: Anchor Ed Thank you for the workaround. Relayed it to the teams, seems like we will follow a similar path. 2119117 10 m_finkel 2025-05-22 15:58:59 -0700 Safari 18.4 was released on March 31: https://webkit.org/blog/16574/webkit-features-in-safari-18-4/. In earlier versions of Safari, any cross-site cookies were not accepted in cross-site iframes (even if they were "Partitioned"), unless the iframe requested access to its "first party" cookies using the storage access API and the user granted access. Cookies that are set by the main web site should still be accepted, even if they include the "Partitioned" attribute. Safari 18.5 should accept the same cookies as Safari 18.3. Are there web sites that worked in Safari 18.3 and 18.4, but they are now broken in 18.5? 2119282 11 kenner1 2025-05-23 08:07:37 -0700 The issue stems from document.cookie and cookies set with the Partitioned flag, even in first-party contexts. If you visit https://chips-site-b.glitch.me/, you'll notice that it sets the following: document.cookie = "__Site-B-partitioned-cookie=123; Secure; Max-Age=84600; Path=/; SameSite=None; Partitioned;"; This is a first-party cookie, but the presence of the Partitioned flag prevents it from being stored. What's frustrating is that it sometimes works, making it difficult to debug. Version 18.4 and 18.5. 2119328 12 jsminted+bugzilla 2025-05-23 11:36:34 -0700 It seems to work when the dev tools have been opened at least once in the tab/session. Makes it very difficult to debug. 2120060 13 wilander 2025-05-27 21:23:03 -0700 *** Bug 293618 has been marked as a duplicate of this bug. *** 2127387 14 yoav 2025-07-02 13:49:11 -0700 Hey John and Matthew! Any updates you can share on this? Any information you may be able to share regarding the timelines here can be very helpful :) 2127423 15 wilander 2025-07-02 15:11:49 -0700 Nothing at this point. Re-enabling CHIPS is in part dependent on changes in underlying frameworks which means following along in open source will not tell you the whole story. Safari Technology Preview might not tell you the whole story either since it doesn't change underlying frameworks. 2127532 16 yoav 2025-07-03 00:04:43 -0700 OK, thanks for the update!! 2143652 17 katyayani.reddy 2025-09-17 09:55:10 -0700 Hi John, Matthew, It would be helpful if you could provide an update on when this will be available. 2146202 18 lcswillems 2025-09-26 09:48:31 -0700 Hey John, could you tell us more about the issues in the underlying frameworks preventing CHIPS to be re-enabled? And would you have a rough ETA? (e.g. a few weeks, months, or years) Thank you very much! Having CHIPS enabled in Safari would allow my iframes to work seamlessly in Safari, which would be a big improvement. 2146206 19 wilander 2025-09-26 09:54:05 -0700 (In reply to lcswillems from comment #18) > Hey John, could you tell us more about the issues in the underlying > frameworks preventing CHIPS to be re-enabled? HTTP and lower networking is not part of the WebKit open source project, and cookies are part of HTTP. Apple is not able to share more details for networking frameworks since ours are not open source. Other ports of WebKit may be able to share. > And would you have a rough ETA? (e.g. a few weeks, months, or years) We don't share plans for the future beyond what's in our software seeding and Safari Technology Preview. Looking at release notes and testing software update seeds is the way to go. 2157915 20 amodpandey 2025-11-11 06:25:47 -0800 https://developer.apple.com/documentation/safari-release-notes/safari-26_2-release-notes#Privacy 2158695 21 ntim 2025-11-13 18:30:16 -0800 CHIPS is now back in Safari 26.2 beta.