[Webkit-unassigned] [Bug 213510] iOS 14: ITP causes issues for hybrid (WKWebView) apps using cookies for authentication etc.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Feb 10 13:48:50 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=213510
Mad <nuavel at mailpoof.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |nuavel at mailpoof.com
--- Comment #36 from Mad <nuavel at mailpoof.com> ---
WTF? No really, WTF?
Why on earth app-bound domains (in fact all of them are: primary domain + subdomains) are not sharing cookies? This is do dumb.
You guys haven't heard and not aware of session cookie commonly shared across all subdomains (ie. *.myapp.com)?
I understand the point of ITP and apperciate Apple for taking care of my privacy by blocking annoying tracking bloatware, but why you didn't think about legit stuff?
There are a lot of discussions going on on github, SO and other sites regarding this breaking change with no way to easily work around the constraint without dirty hacks or regressions in UX ("Allow Cross-Website Tracking" is confusing and misleading, because user session is not "Tracking").
What we should do given that WKWebView provides an essential part of our app hosted on dozen of subdomains (apps, resources, cdn, content, api) and we are a team of web developers and have no iOS developer in house?
Now most of our team (Engineering, Management, QA) struggles in trying to find a workaround ASAP because otherwise our app would be broken for thousands of our users.
Shame on you.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210210/a221ddf6/attachment-0001.htm>
More information about the webkit-unassigned
mailing list