You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Sol Bekic (JIRA)" <ji...@apache.org> on 2016/10/10 14:22:20 UTC

[jira] [Updated] (CB-11989) 3rd Party Cookie Policy impossible to set

     [ https://issues.apache.org/jira/browse/CB-11989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sol Bekic updated CB-11989:
---------------------------
    Description: 
It appears to be currently impossible to set the {{acceptThirdPartyCookies}} option for [android.webkit.CookieManager|https://developer.android.com/reference/android/webkit/CookieManager.html] or a similar security measure (there is no method {{setAcceptThirdPartyCookies}} in {{ICordovaCookieManager}}, it's default implementation or the Crosswalk implementation).

Yet in our app we can clearly observe (and suffer the consequences) of some security mechanism stripping {{Cookie}} and {{Set-Cookie}} headers from requests leaving the currently-visited domain, regardless of {{access}} and {{allow-origin}} rules in the config.xml.

in Version 4.*  the {{CordovaWebView}} extended {{android.webkit.WebView}} and so a fix was merged in issue CB-8026 apparently, but it seems that there has been a regression.

  was:
It appears to be currently impossible to set the 'acceptThirdPartyCookies' option for [android.webkit.CookieManager|https://developer.android.com/reference/android/webkit/CookieManager.html] or a similar security measure (there is no method `setAcceptThirdPartyCookies` in `ICordovaCookieManager`, it's default implementation or the Crosswalk implementation).

Yet in our app we can clearly observe (and suffer the consequences) of some security mechanism stripping `Cookie` and `Set-Cookie` headers from requests leaving the currently-visited domain, regardless of `access` and `allow-origin` rules in the config.xml.

in Version 4.*  the `CordovaWebView` extended `android.webkit.WebView` and so a fix was merged in issue CB-8026 apparently, but it seems that there has been a regression.


> 3rd Party Cookie Policy impossible to set
> -----------------------------------------
>
>                 Key: CB-11989
>                 URL: https://issues.apache.org/jira/browse/CB-11989
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android
>    Affects Versions: 5.1.1
>            Reporter: Sol Bekic
>
> It appears to be currently impossible to set the {{acceptThirdPartyCookies}} option for [android.webkit.CookieManager|https://developer.android.com/reference/android/webkit/CookieManager.html] or a similar security measure (there is no method {{setAcceptThirdPartyCookies}} in {{ICordovaCookieManager}}, it's default implementation or the Crosswalk implementation).
> Yet in our app we can clearly observe (and suffer the consequences) of some security mechanism stripping {{Cookie}} and {{Set-Cookie}} headers from requests leaving the currently-visited domain, regardless of {{access}} and {{allow-origin}} rules in the config.xml.
> in Version 4.*  the {{CordovaWebView}} extended {{android.webkit.WebView}} and so a fix was merged in issue CB-8026 apparently, but it seems that there has been a regression.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org