Whenever the Scrivito UI accesses the Scrivito backend from its old address, the browser considers this a ‘‘3rd-party request’’ since the UI and the backend reside on different domains. The cookie used for authentication is therefore considered a ‘‘3rd-party cookie’’.
In theory, there is nothing wrong with applications like the Scrivito UI using a 3rd-party cookie for legitimate purposes such as letting a user log in. Unfortunately however, 3rd-party cookies can also be exploited by ad networks to spy on users, tracking their behavior across the web.
Even worse, there is no way for a browser to distinguish between legitimate 3rd-party cookies and spying. Therefore, major browser vendors have decided to drop support for 3rd-party cookies altogether.
Safari has already started blocking 3rd-party cookies by default, and Chrome is planning to also do this in the future.
Even today, many users of privacy add-ons (‘‘ad blockers’’) have reported trouble logging into their Scrivito UIs, and the need to configure exceptions in order to allow the 3rd-party cookies Scrivito currently uses.
By moving the Scrivito UI to
edit.scrivito.com, we are avoiding the use of 3rd-party cookies entirely, making Scrivito future proof and the UI easier to access for privacy-minded users.