Posted to issues@cordova.apache.org by GitBox <gi...@apache.org> on 2021/08/19 23:52:17 UTC

[GitHub] [cordova-ios] swethachakravarthy commented on issue #1088: Feature Request: Support iOS App Bound Domains to enable CORS authentication cookies

swethachakravarthy commented on issue #1088:
URL: https://github.com/apache/cordova-ios/issues/1088#issuecomment-902327020


   We have a Cordova iOS app that requires the user to log in via an authentication service which sets some cookies that are used later for authentication and usage of certain services. Once the user is logged in, the user has the ability to navigate to pages within the same domain as well as to pages that host content from a different domain via the iframe tag. And before the content is loaded into the iframe, the user has to be authenticated again with the same service provider that set the cookies when the user first logged into the app. We are using cordova-plugin-custom-url-scheme, so the HTTP request URL for inappbrowser pages is in the format <custom scheme>://app.

   When the user clicks on a link within our app, a request is made to the external page and the content returned is displayed within the iframe, but before this happens the user has to be authenticated silently through cookies that were set earlier during the initial login to the app. This workflow was working fine prior to iOS 14+ but is not working any more. Since the domain from which pages are loaded in the iframe is different from the domain that hosts the iframes (i.e. 'app' in this case), ITP goes into effect and prevents access to authentication cookies that were set outside the parent page hosting the iframe.

   I'm looking for a workaround so the page hosted within the iframe from another domain has access to the cookies set in the parent context, the user is automatically logged in silently, and content gets displayed within the iframe. I think App Bound Domains seemed to have worked well for some people to overcome ITP issues. So I added these entries in the info.plist file.
   ```
   <key>WKAppBoundDomains</key>
   <array>
       <string>app</string>
       <!-- XYZ.com: domain of the page hosted within the iframe -->
       <string>XYZ.com</string>
   </array>
   ```
   I have also added the code snippet below to the method createConfigurationFromSettings in the file CDVWebViewEngine.m
   ```
   if (@available(iOS 14.0, *)) {
       configuration.limitsNavigationsToAppBoundDomains = YES;
   }
   ```
   But I'm still having the same issue of an error being displayed when the user clicks on the link that opens up the page with an iframe hosting content from a web page from a different domain. The authentication step prior to navigating to the iframe URL fails, most likely as authentication cookies set earlier are no longer accessible within the iframe. Can someone who has had a similar problem and who was able to solve this problem please let me know what's missing?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


