[Webkit-unassigned] [Bug 213510] iOS 14: ITP causes issues for hybrid (WKWebView) apps using cookies for authentication etc.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 7 05:10:29 PST 2021


https://bugs.webkit.org/show_bug.cgi?id=213510

Ricardo Sohn <ricardosohn at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ricardosohn at gmail.com

--- Comment #34 from Ricardo Sohn <ricardosohn at gmail.com> ---
Our app too was affected by this change.

Our use case is very similar to the one described by Niklas.

We have a hybrid app using the Apache Cordova framework.
As Niklas already said, when the app launches it loads a web app in WKWebView running on a custom scheme handler with an origin like "ionic://localhost".
Using that approach, almost all external connections are considered cross-site requests.

In our use case, the user provide a server URL (every client has their own backend server).
The app then proceeds to load content from that external URL (such as full pages and images) with the user session.

The content only loads if I set the 'NSCrossWebsiteTrackingUsageDescription' and go to the settings and enable 'Allow Cross-Website Tracking'.

For the rest, I can fully quote Niklas:
"We need this flexibility to run the app on one origin and connect to a server the users configures in the app at runtime. Cross-origin cookies are important for the connection to the server the user set in the app to make use of the user session the server solution provides."

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210107/9af74fe5/attachment.htm>


More information about the webkit-unassigned mailing list