You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Faisal Akhtar (JIRA)" <ji...@apache.org> on 2017/12/11 15:43:00 UTC
[jira] [Created] (CB-13655) Android Cordova App with IFrames Chrome
63 No Request Headers Cookies
Faisal Akhtar created CB-13655:
----------------------------------
Summary: Android Cordova App with IFrames Chrome 63 No Request Headers Cookies
Key: CB-13655
URL: https://issues.apache.org/jira/browse/CB-13655
Project: Apache Cordova
Issue Type: Bug
Components: cordova-android
Environment: Chrome 63 android devices
Reporter: Faisal Akhtar
Assignee: Joe Bowser
Priority: Blocker
Since the release of Chrome 63 on Android, on the 6th December 2017, I have encountered a problem with my companies Cordova based Android app. This app includes IFrames that allow users to navigate parts of my companies eCommerce website from within the app.
The navigation between pages loaded in the IFrames no longer send any cookie information in the Request Headers.
Information such as Session Ids that are stored in a cookie are not passed across to the next page, which in turn causes the next page to start a whole new user session!
What is strange however is that any AJAX calls preformed within a page on the IFrames (e.g. To retrieve the number of items in the basket) and asset requests (css js, image files etc) do send cookie information in the request headers fine. The session id in these headers are identical between pages, indicating session persistence.
Cookies are being created ok and I can see them when using the Chrome developer tools within the Application panel under the companies domain. They just aren't being passed to the next page.
I experienced this issue on an Android 7.1.1 device. When I disable the Chrome app on this device the cookie request headers in the IFrames in the app begin to work fine again, presumably the Cordova Webview is no longer using Chrome when it is disabled?
Does anyone know what may be causing this issue? Could it be anything related to SameSite cookies or Strict site isolation changes or other security related changes in Chrome 63?
The issue appears similar to this Chromium bug that was fixed October 2016: https://bugs.chromium.org/p/chromium/issues/detail?id=634311
The Webview does however have ThirdParty cookies enabled in the SystemCookieManager class of the Cordova library (Cordova Android 6.4.0):
{code:java}
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
cookieManager.setAcceptThirdPartyCookies(webView, true);
}
{code}
Apologies if I haven't specified anything clearly enough. I'm happy to provide additional information if anyone can help with this issue.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org