From 853f6580e6bbe4c0932f81faaf4d7b6a3c3a36e7 Mon Sep 17 00:00:00 2001
From: Paul Ferguson <pauljferguson@gmail.com>
Date: Fri, 17 Oct 2025 14:25:52 -0700
Subject: [PATCH] Fix secure cookie handling for multi-level subdomains

Disable ThirdPartyStoragePartitioning and PartitionedCookies features
to fix an issue where Chrome fails to properly respect the Secure flag
on cookies set with Domain=.example.com when accessed from multi-level
subdomains like dev.app.example.com.

This resolves the cookie persistence issue documented in #421 where
session cookies were not being sent on subsequent HTTPS requests to
dev.app.example.com despite being set correctly by the server.

Fixes #421
---
 src/browser.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/browser.ts b/src/browser.ts
index d76d5a9f..5fd85149 100644
--- a/src/browser.ts
+++ b/src/browser.ts
@@ -111,6 +111,9 @@ export async function launch(options: McpLaunchOptions): Promise<Browser> {
   const args: LaunchOptions['args'] = [
     ...(options.args ?? []),
     '--hide-crash-restore-bubble',
+    // Fix cookie handling for subdomain patterns (e.g., dev.app.example.com)
+    // Disable third-party cookie partitioning which can interfere with secure cookies
+    '--disable-features=ThirdPartyStoragePartitioning,PartitionedCookies',
   ];
   if (headless) {
     args.push('--screen-info={3840x2160}');