Thank you for the report, Robert. It appears that there's something wrong with the HTTPS certificate of 11st.co.kr. Chrome warns that the connection is not secure. This turns off credit card autofill. Can you confirm that you see this issue on your side as well?

Deleted: Screenshot from 2017-12-11 13:15:02.png 56.4 KB

	Screenshot from 2017-12-11 13:15:02.png 56.4 KB View Download

rouslan@, thanks for the prompt response. Unfortunately none of the feedback report we've received mention "your connection is not secure". A lot of users said they were asked to allow Cookies. Will Chrome ask users to allow cookies if chrome considers the website's connection is not secure? Thanks. 

Device: Samsung Galaxy S8/NRD90M
Chrome version: 63.03239.83
Web site: http://global.11st.co.kr/html/en/main_en.html

Result: Was able to purchase and check out item from the web site. No issues were found.

I'm reaching out to users on Play store and through email for steps to reproduce this issue. Will update the bug once I hear anything. Thanks. 

Thanks Robert!

Can anyone own this bug and look into it? rouslan@ ?

> Will Chrome ask users to allow cookies if chrome considers the website's connection is not secure?

Nope, that's not Chrome doing that, AFAIK.

One user said he saw "A001 it is recommended to set the browser cookie to always allowed when repeating the same error" (screenshot as attached) when he click "안심클릭" (a 3rd party credit card payment security verification) when he try to pay online. 

Here is the translated message from this user:
"i can not proceed with credit card payment on Chrome ver. 63. the affected cards are Samsung, Hyundai, Nonghyup, Shinhan etc, the ones with 안심클릭 (safe click) verification. i checked with the card companies and was told it's due to Chrome ver. 63 issue. please fix this asap"

Deleted: IMG_2379.png 51.8 KB

	IMG_2379.png 51.8 KB View Download

Which Chrome ver. 63 issue, though? 😕

The user feedback report in the original post has ver 63.0.3239.83 (Android) 

I work for a credit card company in Korea.
As you know, many errors have occurred since the software was updated, we are aware of the cause.

According to the problems we have found,
Customers using version 63 of Chrome have confirmed that cookie information is not being delivered properly with "iframe" function. 

Because many e-commerce sites in Korea handle transactions using third party cookies, this is a problem.

The error message shown to the customer is what the customer can understand and is different from the actual cause. 

I would like to inquire if you can confirm the contents below.

Since version 63 of Chrome (Android), 

1) Has the default setting for third party cookies changed in the WebView Toolkit? For example, if the app developer does not set "setThirdPatyCookies" value, will this be false or not? 

2) If the customer has thirdpartycookies set to true in their Chrome settings, does that apply to false if we do not specify them separately in webkit?

3) Are these policies still maintained after 64? 

"deux...@gmail.com"'s questions are very good, is there someone from Google can confirm about this bug existence ? 

at least we need to get yes/no confirmation because we have tried anything we can and we are under pressure to solve this problem within our app which we still have not found the work-around it.

rouslan@, Korean team has filed b/70481162 for this issue this Monday. I've cc'ed you in that bug. Thanks. 

mkwst@: Any idea if we've changed anything regarding third party cookies in M63?

Non-Google people: Would it be possible to get a simple test case we can use to reproduce the issue? For example a small standalone web page, or a link that doesn't require us to try to buy things.

If this is WebView-related, it might be  https://crbug.com/793648 , which clamy@ landed a patch to fix last night and merged back to 64 and 63.

timloh@: I've seen same issue occurs not only Korea but also in other services. For example, you can check out the stackoverflow website for more details on the same issue and sample code to identify issues related to cookies. 

https://stackoverflow.com/questions/47731745/android-cordova-app-with-iframes-chrome-63-no-request-headers-cookies

If you want to have exactly the same test that Koreans are experiencing regard to this issue, we will send you a test guide including the card number issued in Korea. 

From what I read in the report, this is WebView specific and the website is working fine on Chrome browser. I'm pretty sure that this is a duplicate of  https://crbug.com/793648   which was reported for cordova. We fixed the cordova issue yesterday, and it was merged to M63 so the problem should be resolved soon. I will mark this as a duplicate.

Thank you, Camille!

Chrome last version (63.0.3239.107) still has an iframe cookie issue in webview.

I work at GSSHOP(http://www.gsshop.com) test team.
We found this issue(chrome browser  ver. 63.0.3239.83 on android )on December 9th.
Test team reproduced this issue and reported  development team.
We solved by replacing the certificate and the KMC(://www.kmcert.com) module.
I hope my comments will be helpful to other Korean eCommerce companies and Google.
We also check chrome browser  ver. 63.0.3239.107. Our app had no issues.