[Webkit-unassigned] [Bug 217138] Third party cookie not working even when ITP is OFF
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Oct 7 12:47:59 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=217138
--- Comment #6 from John Wilander <wilander at apple.com> ---
(In reply to Spambit from comment #4)
> Well, I guess I cannot instruct or let user visit third-party domain when
> our default domain is 127.0.0.1. Basically I must load a locally hosted
> webapp at first-launch. And then I need to load another web app from a
> different domain in iframe. I think embedding a webapp in an iframe from
> another is common. The web-app in 127.0.0.1 handles authenticating the user,
> and the application hosted in the iframe can trust that the user is signed
> in. This strategy does not work with WKWebView then. My whole question is
> why default cookie policy has to be in play even when ITP is off. At-least
> this does not happen with desktop safari 14.0.
It is true that the “Prevent cross-site tracking” setting in Safari controls both ITP and the underlying cookie policy. For WKWebView, the thing that has changed in iOS (in this regard) is that ITP is on by default and that the user can turn it off. There has never been a user setting for the underlying cookie policy in WKWebView.
I think it would be good to change the title of this bug to an enhancement request that the web tracking setting for WKWebView should also control the cookie policy. I’m not saying everyone thinks that’s an enhancement but it seems that’s your perspective.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201007/aa6be8d3/attachment.htm>
More information about the webkit-unassigned
mailing list