[Webkit-unassigned] [Bug 213510] iOS 14: ITP causes issues for hybrid (WKWebView) apps using cookies for authentication etc.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Feb 10 15:26:23 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=213510
--- Comment #39 from John Wilander <wilander at apple.com> ---
(In reply to Mad from comment #38)
> (In reply to John Wilander from comment #37)
>
> > As mentioned, the "session cookies" you refer to are available.
>
> We use a similar approach (Cordova) described in the comments above and
> having the same issues. The only way to work around this is to manually
> enable "Allow Cross-Website Tracking" toggle, albeit there is nothing
> related to "Tracking".
>
> Session cookie is a valid example. Typically web apps have more shared data
> required across app-bound subdomains, including all sort of cookies (not
> only non-persistent), non-stripped header values ("Referrer", "Origin") and
> custom headers (CORS).
Then the domains you refer to do not match the top frame, they are third-party cookies, and subdomains or no subdomains doesn't matter. If the resource domain doesn't match the top frame's registrable domain, it is considered a third-party request. I just wanted to make that clear so that you don't think this has anything to do with subdomains.
> Everything worked perfectly until this breaking change introduced along with
> ITP.
>
> It has been 7 months since the bug was reported here and still no good
> solution available for all cases.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210210/bfeb50a4/attachment.htm>
More information about the webkit-unassigned
mailing list