[Webkit-unassigned] [Bug 206643] New: Safari not sending first party cookies in iframe requests
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 22 21:29:35 PST 2020
https://bugs.webkit.org/show_bug.cgi?id=206643
Bug ID: 206643
Summary: Safari not sending first party cookies in iframe
requests
Product: WebKit
Version: Safari 13
Hardware: Macintosh
OS: macOS 10.14
Status: NEW
Severity: Normal
Priority: P2
Component: Frames
Assignee: webkit-unassigned at lists.webkit.org
Reporter: stannous at atlassian.com
Created attachment 388515
--> https://bugs.webkit.org/attachment.cgi?id=388515&action=review
first party cookies not sent in iframe request
Safari Version 13.0.4 (14608.4.9.1.4)
macOS Version 10.14.6 (18G2022)
Steps to reproduce:
Note that immediately before performing these steps in the video I cleared all cookies and website data and authenticated with the respective domains anew.
1) Visit domain B directly (bbcfamilytest.atlassian.net in the attached video) to set first party session cookies.
2) Visit domain A which contains an iframe src to domain B -> Safari does NOT send the first party cookies along with the iframe's 3rd party src request.
We've reproduced this issue on multiple machines and once reproduced the problem persists indefinitely however it does not occur on every machine even with the same version of Safari.
I've been looking at ITP and Safari's 24 hour limit on first party cookies used in a 3rd party context but none of that explains the issue since I am resetting the cookie and visiting the first party domain before testing. Is it possible that ITP is banning the domain after a period of time and that resetting cookies doesn't reset the counter?
Disabling Safari's "prevent cross-site tracking" feature does not change this behavior.
Possibly related to https://bugs.webkit.org/show_bug.cgi?id=196592
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200123/29dccd6e/attachment-0001.htm>
More information about the webkit-unassigned
mailing list