[Webkit-unassigned] [Bug 188783] New: Cookies not available when requestStorageAccess successfully resolves after "allow" in ITP prompt

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 21 04:36:25 PDT 2018 

https://bugs.webkit.org/show_bug.cgi?id=188783

            Bug ID: 188783
           Summary: Cookies not available when requestStorageAccess
                    successfully resolves after "allow" in ITP prompt
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Macintosh
                OS: macOS 10.13
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ulf at alfhild.io

John Wilander asked me to file a bug here after a bit of discussion on twitter. Not sure if I'm misunderstanding/misusing the Storage Access API but here's my case. 

When the user answers "allow" on the ITP prompt the cookies are not available in the 3rd party context directly. Not in the requestStorageAccess success callback and not afterwards. If the iframe is __reloaded__ and requestStorageAccess called it's, as expected, automatically successfully resolved and I have access to cookies.

Reproduction repo: https://github.com/uliedberg/itp2-test/tree/master/basic-basic-browser-set-cookies-only . I've also put up the main & third party parts on different domains for easier reproduction.

The third party iframe page will call hasStorageAccess() on load.

* > defaults write com.apple.SafariTechnologyPreview ResourceLoadStatisticsManualPrevalentResource liedberg.org
* in Safari Technology Preview 63, clear history and then open: 
        - https://www.alfhild.io/itp2/main/?thirdparty-url=https%3A%2F%2Fwww.liedberg.org%2Fitp2%2Fthirdparty%2F
1. Click "open popup" link (third party in main page)
2. Click "write cookie" link (popup page)
3. Click "close" link (popup page)
4. Click "request access" link (third party in main page)
5. Select "allow" in ITP prompt (main page)
        - at this point the third party iframe tries to read the cookie but no value
6. Click "read cookie" link (third party in main page)
        - no value still
7. Click "reload iframe" link (third party in main page)
8. Click "request access" link (third party in main page)
        - __now__ the cookies are available

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180821/01b97b78/attachment.html>

More information about the webkit-unassigned mailing list