[Webkit-unassigned] [Bug 196592] Cookies not sent with third party requests via XHR or iFrame

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jan 28 02:17:43 PST 2020


https://bugs.webkit.org/show_bug.cgi?id=196592

--- Comment #10 from Sam Potts <sam at potts.es> ---
(In reply to John Wilander from comment #9)
> The challenge is how to distinguish “legitimate” from “non-legitimate”?

It's a very good point and, as you know, hard to determine.

> You of course have the two other options too. Either OAuth with auth tokens
> in the incoming URL or the temporary compatibility fix for popups as
> described in our ITP 2.0 and 2.1 blogposts.

I guess we'll have to look into those options. 

> Our implementation is frame specific, i.e. only resources in the iframe that
> got granted access will have cookies. If you have compelling reasons for why
> that can’t work for you, please file an issue as mentioned above.

So there's no way to enable cookies being sent to third parties for XHR requests since the Storage Access API only affects iframes? Safari seems to block them.
