[Webkit-unassigned] [Bug 213510] iOS 14: ITP causes issues for hybrid (WKWebView) apps using cookies for authentication etc.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Feb 28 07:32:16 PST 2023
https://bugs.webkit.org/show_bug.cgi?id=213510
Sean Wood <woodywoodsta at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |woodywoodsta at gmail.com
--- Comment #54 from Sean Wood <woodywoodsta at gmail.com> ---
We've now hit up against this issue as well.
We have a Capacitor app which makes requests to a backend service that we own. It employs token-based authentication with a refresh token. The auth token doesn't need to be secured, but the refresh (long-living) token does. We intended to use secure, httponly cookies for this refresh token, but that is now not possible due to ITP. Presenting the ITP modal to users is unacceptable UX, and there is a high likelihood of "tracking" being rejected, which means we would have to compromise on security anyway.
This puts us in a corner whereby we'll have to implement the authentication mechanism natively.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230228/42aca6dc/attachment.htm>
More information about the webkit-unassigned
mailing list