<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED INVALID - "Allow from current website only" privacy setting strips cookies from 302 redirects"
href="https://bugs.webkit.org/show_bug.cgi?id=139683#c3">Comment # 3</a>
on <a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED INVALID - "Allow from current website only" privacy setting strips cookies from 302 redirects"
href="https://bugs.webkit.org/show_bug.cgi?id=139683">bug 139683</a>
from <span class="vcard"><a class="email" href="mailto:ptoomey3@biasedcoin.com" title="Patrick Toomey <ptoomey3@biasedcoin.com>"> <span class="fn">Patrick Toomey</span></a>
</span></b>
<pre>That is great news! Can you clarify one point? When I first submitted this radar I only noticed the cookie stripping on a 302 redirect during the oauth flow. But, I recently noticed that the cookie stripping seems to occur on any third-party request. For example, if I set an image source to <a href="https://some_site/authenticated_image">https://some_site/authenticated_image</a> it also doesn't send previously set cookies. Will this upcoming fix work with subresources in addition to 302 redirects?</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>