[Webkit-unassigned] [Bug 196490] Storage Access API: hasStorageAccess does not take into account unvisited state
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Apr 3 11:25:34 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=196490
--- Comment #3 from John Wilander <wilander at apple.com> ---
(In reply to r+webkit from comment #0)
> After giving storage access through the Storage Access API, I cleared all
> browser cookies. After clearing the cookies, hasStorageAccess() of my
> webpage in an iframe (unexpectedly) returns 'true', but setting cookies has
> no effect. This is fixed when I open the domain hosting the page on
> toplevel, and set any cookie (e.g. through document.cookie). Then,
> hasStorageAccess() within an iframe correctly returns 'false' again.
>
> I was expecting everything storage-related to be handled through the storage
> access API (i.e. hasStorageAccess() would return 'false', and requesting
> storage access would no longer require opening the page as a first party
> site and set a dummy cookie as it used to).
What you are seeing is WebKit's 10+ years old cookie policy. A third-party resource without pre-existing cookies cannot set cookies. Each domain has to "seed" its cookie jar as first-party.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190403/6583e9b6/attachment.html>
More information about the webkit-unassigned
mailing list