[Webkit-unassigned] [Bug 140205] WKWebView does not provide a way to set cookie accept policy

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=140205

--- Comment #25 from Tim <tim.brust at sinnerschrader.com> ---
(In reply to Niklas Merz from comment #24)
> (In reply to Tim from comment #23)
> > (In reply to John Wilander from comment #21)
> > > (In reply to Tim from comment #19)
> > > > Any news on this issue? It seems iOS 13 got even more aggressive than before
> > > > and we are unable to set our auth cookie (using a hybrid app, too)
> > > 
> > > Hi! Can you explain how iOS 13 got more "aggressive?" Thanks.
> > 
> > It seems the default cookie policy for programmatic WebViews changed? Our
> > app works with iOS 12 but the login fails due to iOS 13. I assume the
> > default changed from something like "allow" to "only allow first party
> > cookies".
> 
> It looks like that. Our app is doing a request which contains cookies in the
> response. On iOS 12 these cookies are used for the redirect and following
> requests. On iOS 13 none of the following requests contain any cookies.
> 
> The app is running on the custom origin "ionic://localhost" and calling a
> server which allows this origin.

As a workaround (or hack?) when using the cordova-plugin-ionic-webview: Set the "Hostname" preference to the domain of your backend. E.g. if your backend is hosted at https://mycool.backend.com set the Hostname to "mycool.backend.com" - this tricks the Cookie policy to accept the Set-Cookie header since you are a first party domain now... (it seems the protocol does not matter as long as the domain is the same). Quite creative but it works for us.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190815/2690eb9c/attachment.html>