[Webkit-unassigned] [Bug 260676] New: fetch with credentials should include Cookies associated with host_permissions

bugzilla-daemon at webkit.org
Thu Aug 24 14:56:54 PDT 2023


            Bug ID: 260676
           Summary: fetch with credentials should include Cookies
                    associated with host_permissions
           Product: WebKit
           Version: Safari 16
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Extensions
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: gaubut at druide.com
                CC: timothy at apple.com, webkit-bug-importer at group.apple.com

Created attachment 467423

  --> https://bugs.webkit.org/attachment.cgi?id=467423&action=review

Sample web extension

Safari is the only browser that doesn't include Cookies when a browser extension uses `fetch("https://example.com", {credentials: "include"});` when the Cookies have the attribute SameSite=Lax/Strict.

In order to reproduce the issue, with the attached Xcode project, perform the following steps:
1- Build the extension
2- Activate it in Safari
3- The extension automatically creates 3 cookies named None, Lax and Strict with the corresponding SameSite attribute values, automatically performs a fetch from the background script, and also opens up a tab on https://echo-http-requests.appspot.com/echo
4- Confirm that the output of https://echo-http-requests.appspot.com/echo in the opened tab includes the 3 cookies
5- Confirm that the output in the background script's console logs says `Cookie: undefined`

Expected behavior: The background script's console logs say the same thing as the output in the tab https://echo-http-requests.appspot.com/echo
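
The check that steps 3 to 5 describe, as an added example that is not the attached sample extension or WebKit code: it sets the three cookies, fetches the echo URL with credentials, and reports which cookie names the server saw. The `api` and `fetchFn` parameters and the `headers.Cookie` response shape are assumptions; the report does not show the echo service's output format.

```javascript
// Added example, not the attached sample extension. Assumptions: the echo
// endpoint answers with JSON whose `headers.Cookie` field mirrors the request's
// Cookie header; `api` is the WebExtension `browser` object (or a stub).
const ECHO_URL = "https://echo-http-requests.appspot.com/echo";
const PROBES = [
  { name: "None", sameSite: "no_restriction" },
  { name: "Lax", sameSite: "lax" },
  { name: "Strict", sameSite: "strict" },
];

// Parse a Cookie request header ("a=1; b=2") into a Set of cookie names.
function cookieNames(header) {
  const names = new Set();
  if (typeof header !== "string") return names; // header absent: nothing was sent
  for (const pair of header.split(";")) {
    const name = pair.split("=")[0].trim();
    if (name) names.add(name);
  }
  return names;
}

// Set the three probe cookies, fetch the echo URL with credentials, and
// report for each probe cookie whether the server received it.
async function probeSameSiteCookies(api, fetchFn) {
  for (const { name, sameSite } of PROBES) {
    // SameSite=None is only accepted on Secure cookies, so mark all three Secure.
    await api.cookies.set({ url: ECHO_URL, name, value: "1", sameSite, secure: true });
  }
  const response = await fetchFn(ECHO_URL, { credentials: "include" });
  const body = await response.json();
  const seen = cookieNames(body && body.headers && body.headers.Cookie);
  const result = {};
  for (const { name } of PROBES) result[name] = seen.has(name);
  return result;
}
```

In a background script this would be called as `probeSameSiteCookies(browser, fetch)`; a result with any `false` entry is the behavior the report describes.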
