You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Faisal Akhtar (JIRA)" <ji...@apache.org> on 2017/12/11 15:43:00 UTC

[jira] [Created] (CB-13655) Android Cordova App with IFrames Chrome 63 No Request Headers Cookies

Faisal Akhtar created CB-13655:
----------------------------------

             Summary: Android Cordova App with IFrames Chrome 63 No Request Headers Cookies
                 Key: CB-13655
                 URL: https://issues.apache.org/jira/browse/CB-13655
             Project: Apache Cordova
          Issue Type: Bug
          Components: cordova-android
         Environment: Chrome 63 android devices 
            Reporter: Faisal Akhtar
            Assignee: Joe Bowser
            Priority: Blocker


Since the release of Chrome 63 on Android, on the 6th December 2017, I have encountered a problem with my companies Cordova based Android app. This app includes IFrames that allow users to navigate parts of my companies eCommerce website from within the app.

The navigation between pages loaded in the IFrames no longer send any cookie information in the Request Headers.

Information such as Session Ids that are stored in a cookie are not passed across to the next page, which in turn causes the next page to start a whole new user session!

What is strange however is that any AJAX calls preformed within a page on the IFrames (e.g. To retrieve the number of items in the basket) and asset requests (css js, image files etc) do send cookie information in the request headers fine. The session id in these headers are identical between pages, indicating session persistence.

Cookies are being created ok and I can see them when using the Chrome developer tools within the Application panel under the companies domain. They just aren't being passed to the next page.

I experienced this issue on an Android 7.1.1 device. When I disable the Chrome app on this device the cookie request headers in the IFrames in the app begin to work fine again, presumably the Cordova Webview is no longer using Chrome when it is disabled?

Does anyone know what may be causing this issue? Could it be anything related to SameSite cookies or Strict site isolation changes or other security related changes in Chrome 63?

The issue appears similar to this Chromium bug that was fixed October 2016: https://bugs.chromium.org/p/chromium/issues/detail?id=634311

The Webview does however have ThirdParty cookies enabled in the SystemCookieManager class of the Cordova library (Cordova Android 6.4.0):


{code:java}
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
            cookieManager.setAcceptThirdPartyCookies(webView, true);

        }
{code}


Apologies if I haven't specified anything clearly enough. I'm happy to provide additional information if anyone can help with this issue.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org