Uploaded image for project: 'Apache Cordova'
  1. Apache Cordova
  2. CB-11989

3rd Party Cookie Policy impossible to set

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 5.1.1
    • Fix Version/s: None
    • Component/s: cordova-android
    • Labels:

      Description

      It appears to be currently impossible to set the acceptThirdPartyCookies option for android.webkit.CookieManager or a similar security measure (there is no method setAcceptThirdPartyCookies in ICordovaCookieManager, it's default implementation or the Crosswalk implementation).

      Yet in our app we can clearly observe (and suffer the consequences) of some security mechanism stripping Cookie and Set-Cookie headers from requests leaving the currently-visited domain, regardless of access and allow-origin rules in the config.xml.

      in Version 4.* the CordovaWebView extended android.webkit.WebView and so a fix was merged in issue CB-8026 apparently, but it seems that there has been a regression.

      To reproduce:

      • enable Cookies (webView.getCookieManager().setAcceptCookies(true);)
      • visit content on hostb in the Web View
      • set a cookie (document.cookie = "test=123")
      • make a request to hostb (<img src="http://hostb/test.png" />)
      • there will be a Cookie header set on the request.
      • visit content on hosta in the same view
      • make same request to hostb (<img src="http://hostb/test.png" />)
      • there will not be a Cookie header set on the request.
      • webView.getCookieManager().getCookie("http://hostb") will still show the Cookie

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              s-ol Sol Bekic
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: