[Webkit-unassigned] [Bug 137745] New: When in private mode, cookies in iFramed content are not set correctly

bugzilla-daemon at webkit.org
Wed Oct 15 11:32:15 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=137745

           Summary: When in private mode, cookies in iFramed content are
                    not set correctly
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
               URL: http://run.plnkr.co/my0lgusP2UEYNTbL/
        OS/Version: Mac OS X 10.9
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Frames
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: natenate at looker.com


I found this in Safari 7.1 and WebKit Nightly:

Steps to repro:
1. Start or restart WebKit
2. Put WebKit into Private Browsing mode
3. Browse to http://run.plnkr.co/my0lgusP2UEYNTbL/
4. Expect the text 'Cookie value is: CSRF-Token=is_this_set%3F' to be visible
5. !! Only see 'Cookie value is: '. 

Summary:
The site loads a page, which includes iframed content. The iframed content should have access to a cookie value that is returned by the server (visible in headers), but it is not available via JavaScript.

Some interesting other observations:
* Sometimes this seems to happen in regular browsing mode, as well as private browsing.
* If you right click the iframe, and select "Open Frame in New Tab", the page will load and render the correct value. Bizarrely, if you then go back to http://run.plnkr.co/my0lgusP2UEYNTbL/ and refresh the page, the iframe will load with the correct value!
* If the host is the same in the iframe and the parent frame, the issue is not reproducible: http://safe-everglades-1254.herokuapp.com/iframed

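A minimal local harness for the setup the report describes (a parent page framing content from a different host, with the framed response setting `CSRF-Token` and a script reading `document.cookie`), given here as an added example and not the reporter's plnkr code. The `/echo` route, port 8080, and the `localhost` / `127.0.0.1` host pairing are assumptions made for this sketch; `/echo` separates "cookie was never stored" from "cookie was stored but hidden from script".

```javascript
// Constructed repro harness (assumption: not the code behind the plnkr URL).
const COOKIE_NAME = 'CSRF-Token';
const COOKIE_VALUE = 'is_this_set%3F'; // value quoted in the report

// Pure routing function, so responses can be checked without a browser.
function respond(path, reqHeaders, frameOrigin) {
  if (path === '/') { // parent page: frames content from a different host
    return { status: 200, headers: { 'Content-Type': 'text/html' },
      body: `<iframe src="${frameOrigin}/iframed"></iframe>` };
  }
  if (path === '/iframed') { // framed page: sets the cookie, then reads it from script
    return { status: 200,
      headers: { 'Content-Type': 'text/html',
                 'Set-Cookie': `${COOKIE_NAME}=${COOKIE_VALUE}; Path=/` },
      body: `<p id="js"></p><p id="http"></p><script>
document.getElementById('js').textContent = 'Cookie value is: ' + document.cookie;
fetch('/echo').then(r => r.text()).then(t => {
  document.getElementById('http').textContent = 'Cookie header sent back: ' + t;
});</script>` };
  }
  if (path === '/echo') { // did the browser store the cookie and return it?
    return { status: 200, headers: { 'Content-Type': 'text/plain' },
      body: reqHeaders.cookie || '(none)' };
  }
  return { status: 404, headers: { 'Content-Type': 'text/plain' }, body: 'not found' };
}

async function serve(port, frameOrigin) {
  const http = await import('node:http');
  return http.createServer((req, res) => {
    const path = new URL(req.url, 'http://placeholder').pathname;
    const r = respond(path, req.headers, frameOrigin);
    res.writeHead(r.status, r.headers);
    res.end(r.body);
  }).listen(port, '127.0.0.1'); // loopback only
}

// Usage: node repro.js serve, then open http://localhost:8080/ in the browser.
// Cookies are scoped by host, not port, so the frame must use a different
// host name (127.0.0.1 vs localhost) to be cross-host as in the report.
if (process.argv[2] === 'serve') {
  serve(8080, 'http://127.0.0.1:8080');
}
```

Opening `http://127.0.0.1:8080/` as the parent instead gives the same-host control case that the report says does not reproduce.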