Studio's history (and so: all user datas) stored in the third-party cookies

[reggermont]

Context

I'm curious to have Apollo's point of view on that, but at first sight, that's a big privacy issue.

In these cookies, Apollo Studio stores many informations that may be sensitive, like:

• Headers with tokens
• Queries and mutations schemas

And surely more I don't have in mind now. Is there a particular reason to do this, except to collect user and company datas?

Proof

How to test

• Enable / Disable third-party cookies in your browser settings (for Chrome: Settings > Privacy and Security > Cookies and other site data
• Refresh the page
• Write some code in the editor
• Refresh again
  • If you enabled all cookies, then you'll keep your historic as expected
  • If you disabled third-party cookies, Apollo Studio will start from fresh

Expected behaviour

Datas are stored in the first-party cookies