Chromium WebView dropping cookie inside IFrame
Reported by
david.j....@statefarm.com,
Oct 31 2016
|
|||||
Issue descriptionSteps to reproduce the problem: - Launch a web view within a native app - The web page contains an Iframe - Inside the Iframe, a company redirect page is initialized with authorization cookie (https://company.com/redirect) - Company does redirect to vendor page (https://vendor.com) - Upon submission of the vendor page, a 302 redirect occurs back to a company page. - Results shown in (https://company.com/results) Iframe - authorization cookie is lost - We have validated cookies (secured cookies most importantly) are not passed to the company domain. Android 6.0.1 using Android System WebView 54.0.2840.68 is causing the error. When Android System WebView is rolled to back factory version 44.0.2403.117 the error does not occur and iframe is loaded correctly. Nexus 5X with build MTC20F (6.0.1) Galaxy S6 edge build MMB29K.G925PVPS4CPJ1 (6.0.1) What is the expected behavior? Cookies retained in WebView What went wrong? Cookie lost during communication with company results page (https://company.com/results) Did this work before? Yes version before System WebView 53.0.2785.124 or when system WebView is put back to default version/ disabled Chrome version: 54.0.2840.68 Channel: stable OS Version: 6.0.1 Flash Version:
,
Nov 3 2016
What's the URL of the top level page? Is it served from company.com? Have you called CookieManager.getInstance().acceptThirdPartyCookies(webview) for your webview?
,
Nov 4 2016
further testing CookieManager.getInstance().setAcceptThirdPartyCookies(webView,true) did solve the problem
,
Nov 7 2016
So it works in all versions if you enable third party cookies, but if you don't it worked in older WebView versions, but not from 53 onward? Is that correct? It's still not really clear whether the cookie here should actually correctly be considered third party or not, and so I'm not sure which behaviour is right. Can you provide an actual repro case, with real domains?
,
Nov 14 2016
Thank you for providing more feedback. Adding requester "tobiasjs@chromium.org" for another review and adding "Needs-Review" label for tracking. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Nov 14 2016
,
Dec 14 2016
No feedback was received in the last 30 days from reporter "david.j.hughes.nrxn@statefarm.com", so archiving this. Please re-open or file a new bug if this is still an issue. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by rsgav...@chromium.org
, Nov 2 2016