Verbum Comments: enable social login inside the iframe via Storage Access API#50397
Draft
arcangelini wants to merge 1 commit into
Draft
Conversation
Contributor
|
Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.
Interested in more tips and information?
|
Contributor
|
Thank you for your PR! When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:
This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖 Follow this PR Review Process:
If you have questions about anything, reach out in #jetpack-developers for guidance! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed changes
Follow-up to #50396 (the minimal dead-end fix). This actually enables WordPress.com / Facebook social login inside the cross-origin Verbum comment iframe on Atomic/Jetpack sites.
Verbum runs in a third-party iframe (
jetpack.wordpress.com) embedded in the site's own domain, so it can't read/write the.wordpress.comauth cookies — which is why social login was suppressed. This uses the Storage Access API to restore first-party cookie access:useSocialLogin: on the login-button gesture (iframe only), calldocument.requestStorageAccess()before opening the login popup.logged-out: render the social buttons in the iframe even when the cookie test currently fails, so there's a button to click; the top-level login-link fallback now only applies outside the iframe.state:userLoggedInalso flips on a freshaccess_token(delivered by the login popup viapostMessage), so the UI reflects login even before cookies become readable.Graceful degradation: where Storage Access is denied/unsupported, the popup +
postMessageflow still authenticates for the current session and the comment POST (a top-level navigation) still carries the credential — only cross-reload persistence is lost.Related product discussion/links
Does this pull request change what data or activity we track or use?
No. It requests browser storage access to read existing first-party auth cookies; no new data is collected.
Testing instructions
comment_registrationboth on and off.Known items to verify
requestStorageAccess()andwindow.open()both need the user gesture — confirm the popup isn't blocked; reorder if needed.