[Webkit-unassigned] [Bug 206643] Safari not sending first party cookies in iframe requests
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jan 24 13:39:01 PST 2020
https://bugs.webkit.org/show_bug.cgi?id=206643
--- Comment #2 from John Wilander <wilander at apple.com> ---
Hi! Thanks for filing. What you're seeing is two different things.
With "Prevent cross-site tracking" enabled, ITP is on and blocks cookies for domains that have cross-site tracking capabilities. The 24 hour window you refer to was removed in 2018 and ITP has seen many updates since. You can read blogposts on all the updates under the Privacy category on the WebKit blog: https://webkit.org/blog/category/privacy/
With "Prevent cross-site tracking" enabled, your path to get cookie access as a third-party iframe is to make use of the Storage Access API. That API has been shipping in Safari for almost two years and is nowadays also available in Firefox with an Edge implementation pending. Brave has expressed interested in supporting the API once Edge has landed it in Chromium.
With "Prevent cross-site tracking" disabled, you are hitting a known bug in Safari 13.0.4 on macOS: https://bugs.webkit.org/show_bug.cgi?id=204109 It is fixed in Safari in the latest macOS betas and in Safari Technology Preview. Please try there.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200124/f34a825c/attachment.htm>
More information about the webkit-unassigned
mailing list