[Webkit-unassigned] [Bug 272388] New: iFrame constantly refreshing after getting storage access in Private Browsing

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 9 05:19:00 PDT 2024 

https://bugs.webkit.org/show_bug.cgi?id=272388

            Bug ID: 272388
           Summary: iFrame constantly refreshing after getting storage
                    access in Private Browsing
           Product: WebKit
           Version: Safari 17
          Hardware: Unspecified
                OS: macOS 14
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Frames
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sameth.bugzilla at gmail.com

I have a website, www.siteA.com (any website), that contains iframe www.siteB.com (my PHP app). Using Safari Private Browsing, when I go to www.siteA.com and start loading www.siteB.com in the iframe, I start a flow to ask for access to third-party cookies by clicking on a button that opens www.siteB.com in a popup as a first party in which I click on a another button that closes the popup. Afterwards in the iframe I click on a button that requests access to third-party cookies using document.requestStorageAccess(). Once I allow www.siteB.com to use cookies and website data, the iframe will load www.siteB.com and will set a cookie that I use to know that the user already went through the flow I just explained and skip it on a refresh. 

All of this works as expected when loading it for the first time. When I update the src of the iframe because I want to load a different page in www.siteB.com or simply refresh www.siteA.com, the iframe will make me go through the previously described flow again and load the iframe properly. After that, if I refresh www.siteA.com or I update the src of the iframe again, I will get stuck in a loop constantly refreshing the iframe for some reason. Refreshing doesn't fix this either, somehow this breaks the iframe until I close Safari and open it again in Private Browsing or close and reopen the tab, restarting the whole cycle. 

Nothing else besides the creation of the cookie is happening in the PHP app that could be influencing this. The flow is written in JavaScript running within a script HTML element. 

This issue does not happen when Private Browsing is disabled.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240409/269f159c/attachment.htm>

More information about the webkit-unassigned mailing list