[Webkit-unassigned] [Bug 202640] Tracking blocking breaks remembering login on editor.construct.net

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 15 08:05:50 PDT 2019


--- Comment #17 from John Wilander <wilander at apple.com> ---
The Storage Access API, as implemented in WebKit, only opens up cookie access. Since your iframe is same-site, i.e. has the same registrable domain as the top frame, it does not need to call the Storage Access API. The iframe has cookie access from the get go.

IndexedDB is blocked in cross-origin contexts. You need to use another mean of persistence for your login credentials if you persist the login in a cross-origin iframe.

This blocking behavior is not new and your login mechanism has likely never worked in Safari. That’s probably due to lack of testing which is unfortunate. Telling users to turn off all privacy protections in their browser is not the right course of action.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191015/d95f41d2/attachment.html>

More information about the webkit-unassigned mailing list