[Webkit-unassigned] [Bug 140205] WKWebView does not provide a way to set cookie accept policy

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 15 04:47:16 PDT 2019


--- Comment #25 from Tim <tim.brust at sinnerschrader.com> ---
(In reply to Niklas Merz from comment #24)
> (In reply to Tim from comment #23)
> > (In reply to John Wilander from comment #21)
> > > (In reply to Tim from comment #19)
> > > > Any news on this issue? It seems iOS 13 got even more aggressive than before
> > > > and we are unable to set our auth cookie (using a hybrid app, too)
> > > 
> > > Hi! Can you explain how iOS 13 got more "aggressive?" Thanks.
> > 
> > It seems the default cookie policy for programmatic WebViews changed? Our
> > app works with iOS 12 but the login fails due to iOS 13. I assume the
> > default changed from something like "allow" to "only allow first party
> > cookies".
> It looks like that. Our app is doing a request which contains cookies in the
> response. On iOS 12 these cookies are used for the redirect and following
> requests. On iOS 13 none of the following requests contain any cookies.
> The app is running on the custom origin "ionic://localhost" and calling a
> server which allows this origin.

As a workaround (or hack?) when using the cordova-plugin-ionic-webview: Set the "Hostname" preference to the domain of your backend. E.g. if your backend is hosted at https://mycool.backend.com set the Hostname to "mycool.backend.com" - this tricks the Cookie policy to accept the Set-Cookie header since you are a first party domain now... (it seems the protocol does not matter as long as the domain is the same). Quite creative but it works for us.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190815/2690eb9c/attachment.html>

More information about the webkit-unassigned mailing list