[Webkit-unassigned] [Bug 213510] iOS 14: ITP causes issues for hybrid (WKWebView) apps using cookies for authentication etc.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Oct 7 11:17:36 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=213510
--- Comment #20 from John Wilander <wilander at apple.com> ---
(In reply to Adam Davenport from comment #19)
> John Wilander by "broken" I meant *my app* is broken, sorry for the
> miscommunication. What worked with UiWebView now no longer works in
> WkWebView.
>
> > Could you explain to us what your app is doing
>
> I'd imagine all Cordova apps are roughly the same; I have a static website
> that makes XHR requests to a remote server, and Cordova packages it up into
> an app that I can deliver to customers.
>
> > how it makes use of cookies in cross-site requests
>
> Users make an XHR request with credentials. The response has authentication
> cookies which are required to be sent with every subsequent request. This
> isn't happening.
>
> > how many different domains are involved in these requests
>
> 2ish, the "fake" domain defined by my app scheme, eg. foo://mydomain.com
> this can be anything I want afaik, except http or https), and my remote API
> hosted under https://mydomain.com.
>
> > and whether those domains are part of the same organization or spread across multiple orgs
>
> Same organization.
Thank you! This is useful information.
> As I'm just a consumer of Cordova, I defer to Niklas regarding what Cordova
> is doing under the hood. I'm not done with my investigation, but in response
> to "it would be good to hear from more developers" I just felt obliged to
> say "I too am struggling with this"
Sure. You're not on the hook to explain Cordova to me. :) However, we always try to understand what the needs and requirements are before considering solutions. "Allow all cookies" is an obvious solution but it has downsides that we are deliberately trying to remove. What it comes down to is how to provide just enough functionality for apps while not re-creating, in this case, cross-site tracking.
As for hearing from multiple developers, it's very important for us to get details from a diverse set of sources. Sometimes you have a single developer who is very vocal about a use case that turns out to be very specific to their app or website. With a more complete picture, we are able to create solutions that serve many more developers and is much more stable. Hunting piecemeal use cases can get you to a messy place in the end.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201007/d55a5e1e/attachment.htm>
More information about the webkit-unassigned
mailing list