[Webkit-unassigned] [Bug 188783] New: Cookies not available when requestStorageAccess successfully resolves after "allow" in ITP prompt
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Aug 21 04:36:25 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=188783
Bug ID: 188783
Summary: Cookies not available when requestStorageAccess
successfully resolves after "allow" in ITP prompt
Product: WebKit
Version: Safari Technology Preview
Hardware: Macintosh
OS: macOS 10.13
Status: NEW
Severity: Normal
Priority: P2
Component: New Bugs
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ulf at alfhild.io
John Wilander asked me to file a bug here after a bit of discussion on twitter. Not sure if I'm misunderstanding/misusing the Storage Access API but here's my case.
When the user answers "allow" on the ITP prompt the cookies are not available in the 3rd party context directly. Not in the requestStorageAccess success callback and not afterwards. If the iframe is __reloaded__ and requestStorageAccess called it's, as expected, automatically successfully resolved and I have access to cookies.
Reproduction repo: https://github.com/uliedberg/itp2-test/tree/master/basic-basic-browser-set-cookies-only . I've also put up the main & third party parts on different domains for easier reproduction.
The third party iframe page will call hasStorageAccess() on load.
* > defaults write com.apple.SafariTechnologyPreview ResourceLoadStatisticsManualPrevalentResource liedberg.org
* in Safari Technology Preview 63, clear history and then open:
- https://www.alfhild.io/itp2/main/?thirdparty-url=https%3A%2F%2Fwww.liedberg.org%2Fitp2%2Fthirdparty%2F
1. Click "open popup" link (third party in main page)
2. Click "write cookie" link (popup page)
3. Click "close" link (popup page)
4. Click "request access" link (third party in main page)
5. Select "allow" in ITP prompt (main page)
- at this point the third party iframe tries to read the cookie but no value
6. Click "read cookie" link (third party in main page)
- no value still
7. Click "reload iframe" link (third party in main page)
8. Click "request access" link (third party in main page)
- __now__ the cookies are available
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180821/01b97b78/attachment.html>
More information about the webkit-unassigned
mailing list