[Webkit-unassigned] [Bug 260676] New: fetch with credentials should include Cookies associated with host_permissions
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Aug 24 14:56:54 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=260676
Bug ID: 260676
Summary: fetch with credentials should include Cookies
associated with host_permissions
Product: WebKit
Version: Safari 16
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Extensions
Assignee: webkit-unassigned at lists.webkit.org
Reporter: gaubut at druide.com
CC: timothy at apple.com, webkit-bug-importer at group.apple.com
Created attachment 467423
--> https://bugs.webkit.org/attachment.cgi?id=467423&action=review
Sample web extension
Safari is the only browser that doesn't include Cookies when a browser extension uses `fetch("https://example.com", {credentials: "include"});` when the Cookies have the attribute SameSite=Lax/Strict.
In order to reproduce the issue, with the attached Xcodeproject, perform the following steps :
1- Build the extension
2- Activate it in Safari
3- The extension automatically creates 3 cookies named None, Lax and Strict with the corresponding SameSite attribute values and it automatically performs a fetch from the background script, and also opens up a tab on https://echo-http-requests.appspot.com/echo
4- Confirm that the output of https://echo-http-requests.appspot.com/echo in the opened tab includes the 3 cookies
5- Confirm that the output in the background script's console logs says Cookie: undefined
Expected behavior : The background script's console logs says the same thing as the output in the tab https://echo-http-requests.appspot.com/echo
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230824/b827fce5/attachment.htm>
More information about the webkit-unassigned
mailing list