[Webkit-unassigned] [Bug 280892] New: Safari 18 does not send cookies for Google SignIn

Fri Oct 4 08:35:57 PDT 2024

https://bugs.webkit.org/show_bug.cgi?id=280892

            Bug ID: 280892
           Summary: Safari 18 does not send cookies for Google SignIn
           Product: WebKit
           Version: Safari 18
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ivanmatskan at gmail.com

Created attachment 472808

  --> https://bugs.webkit.org/attachment.cgi?id=472808&action=review

POST request is Safari 18

Safari 18 does not send Cookie during Google SignIn process.

According to Google SignIn documentation (https://developers.google.com/identity/gsi/web/guides/verify-google-id-token) to verify identity token Google sends c_csrf_token in POST request.
In Safari 18 this request does not have cookies at all.

The issue happens in Safari 18 only, Chrome and Firefox do send cookies.

Steps to reproduce:
1. In safari 18 go to https://go.epiphan.cloud/
2. Open devtools and click Google SignIn button
3. After selecting an account there will be a POST request that sends credentials to the company auth API.
4. Check the request in the network inspector, there is no Cookie header in the request. (See the attachment)
5. Repeat steps 1-4 in Chrome or Firefox and inspect the POST request. It has Cookie header.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20241004/cbf06ec2/attachment-0001.htm>