[Webkit-unassigned] [Bug 187197] REGRESSION (r230921): Cannot log in to forums.swift.org using GitHub account

bugzilla-daemon at webkit.org
Fri Jun 29 15:44:30 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=187197

Daniel Bates <dbates at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |Regression
           Priority|P2                          |P1
         Depends on|                            |159464
            Summary|Cannot log in to            |REGRESSION (r230921):
                   |forums.swift.org using      |Cannot log in to
                   |GitHub account              |forums.swift.org using
                   |                            |GitHub account

--- Comment #2 from Daniel Bates <dbates at webkit.org> ---
The issue is that we consider the origin of the pop-up window opener when determining whether to send Same-Site cookies for a request to be loaded in the pop-up regardless of whether the request was initiated by the opener. We should only consider the opener's origin for the first non-empty document load in the pop-up window. (An about:blank pop-up is same-origin with its opener; => it is Same-Site with its opener).

With regard to the sign-in flow for forums.swift.org using a GitHub account, subsequent navigations/form submissions in the GitHub pop-up window after initial load are considered cross-origin (because they are compared against the opener, forums.swift.org). But they should be considered same-origin because all the subsequent navigations/form submissions are to https://github.com pages.

Additional remarks:

In <https://trac.webkit.org/changeset/230921/> (bug #159464) we added support for Same-Site cookies on Mac when running on macOS Mojave or later. And GitHub is making use of Same-Site cookies. This issue does not occur on earlier versions of macOS as we treat Same-Site cookies as equivalent to non-Same-Site cookies.


Referenced Bugs:

https://bugs.webkit.org/show_bug.cgi?id=159464
[Bug 159464] Implement Same-Site cookies
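The decision described in comment #2, as a small added model that is not WebKit code: it compares the regressed rule (always judge a pop-up request against the opener) with the proposed rule (use the opener only for the first non-empty document load). The function names, the pop-up object shape, the two-label `siteOf` shortcut and the github.com paths are assumptions made for illustration.

```javascript
// Added illustration, not WebKit source. All names here are hypothetical.
// Assumption: a "site" is scheme + last two host labels. Real engines
// consult the Public Suffix List instead of counting labels.
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + '//' + u.hostname.split('.').slice(-2).join('.');
}

// Regressed rule from the comment: every request loaded in the pop-up
// is compared against the opener, no matter who initiated it.
function isSameSiteRegressed(popup, targetURL) {
  return siteOf(popup.openerURL) === siteOf(targetURL);
}

// Proposed rule from the comment: the opener only matters while the
// pop-up still shows about:blank (first non-empty document load).
// After that, the pop-up's own document is the initiator.
function isSameSiteProposed(popup, targetURL) {
  const initiator =
    popup.currentURL === 'about:blank' ? popup.openerURL : popup.currentURL;
  return siteOf(initiator) === siteOf(targetURL);
}

// Walk a pop-up through a list of navigations and record, per request,
// whether it is treated as same-site (Same-Site cookies attached).
function simulate(isSameSite, openerURL, navigations) {
  const popup = { openerURL, currentURL: 'about:blank' };
  return navigations.map((url) => {
    const sameSite = isSameSite(popup, url);
    popup.currentURL = url; // the pop-up now shows this document
    return sameSite;
  });
}

// Constructed sample flow: the paths are placeholders, not GitHub's real ones.
const OPENER = 'https://forums.swift.org/';
const FLOW = ['https://github.com/step-1', 'https://github.com/step-2'];

console.log('regressed:', simulate(isSameSiteRegressed, OPENER, FLOW));
console.log('proposed: ', simulate(isSameSiteProposed, OPENER, FLOW));
```

Under both rules the first load is cross-site, since the opener started it; only the proposed rule treats the follow-up github.com request as same-site, which is the step the sign-in flow needs.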