[Webkit-unassigned] [Bug 213510] iOS 14: ITP causes issues for hybrid (WKWebView) apps using cookies for authentication etc.

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=213510

Eric Kampf <ekampf1 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ekampf1 at gmail.com

--- Comment #35 from Eric Kampf <ekampf1 at gmail.com> ---
My company also has an app that has been affected by this change.  It is very similar to the apps described in previous comments.  It is Apache Cordova with web content bundled locally.  The local content interacts with remote content in our hosting domain in the following manner:

1. The local HTML includes an IFrame to load HTML/JS content from the remote hosting domain.
2. The IFramed pages makes XHR requests to the hosting domain, which is the same domain from which the IFrame content was served.

Authentication with the hosting domain uses cookies.  Our server is emitting the cookies, and has taken the necessary steps to support CORS (Access-Control headers and same-site:none attribute on cookies).  

We run our app on multiple mobile platforms.  Only on iOS are the cookies blocked.  To clarify, by "blocked" I mean that the cookies are returned to the iOS app, but they are neither persisted nor included in subsequent HTTP requests.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210116/5b38031b/attachment-0001.htm>