Service Worker fetch does not include cookies with partition keys

[Adomas]

Hi everyone,

Chrome now supports CHIPS. Recently Zotero Connector users started having issues with websites that use CloudFlare. After investigation we've found that this is due to service worker fetch() not including partitioned cookies, even when `credentials: "include"` is set, and apparently CloudFlare started setting their cf_clearance cookie with a partitionKey, at least for some websites.

We can work around this by getting the partitioned entries via the cookies API by passing `partitionKey: {}`, and then including them manually with fetch() by patching the request via DNR (since fetch refuses to send cookies set via headers), but it's becoming unwieldy.

I think the fetch() API in the background worker should send cookies with partitionKeys, and/or alternatively there should be additional options to control this.

Not sure if I should just submit this as a bug since I don't think the intended behaviour is defined.

Adomas

[woxxom]

Is there any difference when using mode: 'cors'?

[Adomas]

I've just tested and the answer is no.

[Adomas]

It wouldn't make sense either. All service-worker requests are cors. They are technically limited based on hosts permission in the manifest.