[Webkit-unassigned] [Bug 217138] New: Third party cookie not working even when ITP is OFF
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Sep 30 11:52:05 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=217138
Bug ID: 217138
Summary: Third party cookie not working even when ITP is OFF
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Frames
Assignee: webkit-unassigned at lists.webkit.org
Reporter: sarkar.sambit at gmail.com
I am on WKWebView in iOS14. I have ability to disable ITP in app settings as I changed the info.plist with NSCrossWebsiteTrackingUsageDescription. I have first-party context to http://127.0.0.1 and third-party context to https://mydomain.com. So, I load a https domain in iframe from http top-level-domain.
I host a webapp inside iphone in gcdserver and load that web app from http://127.0.0.1 domain. And then in that loaded app I load another web app in iframe from a remotely hosted website - say https://mydomain.com. So, my first-party context is 127.0.0.1 and my third-party context is mydomain.com. The important thing is I load first-party domain 127.0.0.1 through native URLSession as you see I use proxy to load the webapp. Also, I can intercept xhr calls from locally hosted web app and serve response from iOS-native even if xhr is made to absolute url of different domain. When first-party context (locally hosted webapp at 127.0.0.1) makes an xhr request to mydomain.com, native code intercepts the xhr and sets response cookies in WKWebView cookieStore under mydomain.com before sending response to WKWebView xhr. Now with ITP off, I expect the iframe.src=mydomain.com should attach the cookie I received in first-party context through xhr and was forcefully set to wkwebview store through native code. I think I am missing something. Why iframe.src is not attaching cookies that I already forcefully set in WKWebView cookiestore with iOS networking source code?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200930/746c956b/attachment.htm>
More information about the webkit-unassigned
mailing list