[Webkit-unassigned] [Bug 206643] New: Safari not sending first party cookies in iframe requests

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 22 21:29:35 PST 2020


            Bug ID: 206643
           Summary: Safari not sending first party cookies in iframe
           Product: WebKit
           Version: Safari 13
          Hardware: Macintosh
                OS: macOS 10.14
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Frames
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: stannous at atlassian.com

Created attachment 388515

  --> https://bugs.webkit.org/attachment.cgi?id=388515&action=review

first party cookies not sent in iframe request

Safari Version 13.0.4 (14608.
macOS Version 10.14.6 (18G2022)

Steps to reproduce:

Note that immediately before performing these steps in the video I cleared all cookies and website data and authenticated with the respective domains anew.

1) Visit domain B directly (bbcfamilytest.atlassian.net in the attached video) to set first party session cookies.
2) Visit domain A which contains an iframe src to domain B -> Safari does NOT send the first party cookies along with the iframe's 3rd party src request.

We've reproduced this issue on multiple machines, and once reproduced, the problem persists indefinitely; however, it does not occur on every machine, even with the same version of Safari.

I've been looking at ITP and Safari's 24-hour limit on first party cookies used in a 3rd party context, but none of that explains the issue since I am resetting the cookie and visiting the first party domain before testing. Is it possible that ITP is banning the domain after a period of time and that resetting cookies doesn't reset the counter?

Disabling Safari's "prevent cross-site tracking" feature does not change this behavior. 

Possibly related to https://bugs.webkit.org/show_bug.cgi?id=196592
