[Webkit-unassigned] [Bug 175934] New: Third-party cookies shared when requesting video content
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Aug 24 06:54:54 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=175934
Bug ID: 175934
Summary: Third-party cookies shared when requesting video
content
Product: WebKit
Version: WebKit Nightly Build
Hardware: Macintosh
OS: macOS 10.12
Status: NEW
Severity: Normal
Priority: P2
Component: New Bugs
Assignee: webkit-unassigned at lists.webkit.org
Reporter: tppiotrowski at gmail.com
To reproduce:
1. Under privacy settings choose:
-Allow from current website only OR Allow from websites I visit
2. Confirm third-party cookies are disabled by visiting: https://alanhogan.github.io/web-experiments/3rd/third-party-cookies.html
3. Create a page on domain1.com that embeds a <video src="http://domain2.com"> and notice that domain2.com Cookies are sent with the request.
This behavior differs from both Firefox and Chrome which deny the cookies being sent.
Correct behavior:
domain2.com Cookies should not be sent.
I've documented a real world scenario in this blogpost: https://tedpiotrowski.svbtle.com/broken-video-attachments-in-gmail
My apologies if this behavior is intentional to prevent user pain/confusion.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170824/e1a14084/attachment.html>
More information about the webkit-unassigned
mailing list