[Webkit-unassigned] [Bug 140205] WKWebView does not provide a way to set cookie accept policy
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Nov 19 09:45:08 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=140205
--- Comment #15 from Niklas Merz <niklasmerz at linux.com> ---
(In reply to John Wilander from comment #14)
> (In reply to Niklas Merz from comment #13)
> > For hybrid apps which rely solely on a webview (Cordova etc.) this can be a
> > huge problem, because every request made to remote servers is a cross-origin
> > request by design.
>
> I what way are they cross-origin by design? What is the top frame origin? Do
> these requests differ from regular cross-origin ones?
I am starting to use the WKWebview plugin for Cordova made by the Ionic.
(https://github.com/ionic-team/cordova-plugin-ionic-webview)
Because CORS does not work from files served via the file:// protocol this plugin is using a local webserver. These the requests are from the origin http://localhost:8080. Calling any origin within the Cordova app is now a cross-origin request. Because of this, authentication with cookies is not possible. Cookies just get ignored.
> Who made the decision
> to make all these requests cross-origin by design? Thanks!
The authors of the plugin made the decission because the file:// protocol is not usable in Cordova like it used to be with UIWebView. Ionic and others tried many different approaches and the local webserver was the best solution. WebKit serves local files with the origin header of "null" which does not allow any CORS requests.
Thanks for the quick response!
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181119/7f1c426a/attachment.html>
More information about the webkit-unassigned
mailing list