[Webkit-unassigned] [Bug 200857] REGRESSION (iOS 13): WKWebView does not include cookies/credentials in cross-origin-requests

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 19 00:54:00 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=200857

--- Comment #23 from Niklas Merz <niklasmerz at linux.com> ---
(In reply to dima from comment #20)
> What difference doesn't it make the popularity or importance of the app?
> It breaks our mobile app because we rely on session cookies. It will break
> any other app which does the same. If server complies with request and
> provides all necessary headers according to the spec the client must fulfill
> its part. Or reject the response and raise the error.
> 
> The impact of not doing this is that the developer will have to replace the
> entire mechanism of session management on the server side or fork and fix
> this bug themselves.

I somehow agree with this statement. This is clearly a regression because iOS 12 has the correct behavior. Regardless of effects on popular apps, this does not follow standard browser spec and potentially breaks many apps and, more importantly, websites that are embedded. Web site developers / app developers / hybrid app developers should be confident that browsers / webviews work similarly on different platforms and across versions. Additionally, there seems to be no reason this change is introduced in iOS 13 and it seems to be by accident.

(In reply to Alexey Proskuryakov from comment #21)
> It is doubly important to clearly state the user impact because even after a
> bug like this is fixed, all companies that use WebKit will need to decide
> whether to expedite shipping the fix to customers as part of their products.

As cookies are often used for authentication the impact for many apps could be that they cannot communicate with the server anymore. For our app that means it gets stuck at launch because it authenticates and relies on cookies for further requests.

> Please provide steps to reproduce with these apps, or any shipping apps at
> all. Please be very precise, as I haven't seen related reports of broken
> functionality in these particular apps.

I sent an e-mail with details about the app I am talking about. I suggest everybody who experiences this issue do the same to make the user impact clear.
