[Webkit-unassigned] [Bug 139683] "Allow from current website only" privacy setting strips cookies from 302 redirects

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 1 15:57:56 PDT 2015


--- Comment #3 from Patrick Toomey <ptoomey3 at biasedcoin.com> ---
That is great news! Can you clarify one point? When I first submitted this radar I only noticed the cookie stripping on a 302 redirect during the oauth flow. But, I recently noticed that the cookie stripping seems to occur on any third-party request. For example, if I set an image source to https://some_site/authenticated_image it also doesn't send previously set cookies. Will this upcoming fix work with subresources in addition to 302 redirects?

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150901/73071569/attachment.html>

More information about the webkit-unassigned mailing list