You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Sol Bekic (JIRA)" <ji...@apache.org> on 2016/10/10 14:22:20 UTC
[jira] [Updated] (CB-11989) 3rd Party Cookie Policy impossible to
set
[ https://issues.apache.org/jira/browse/CB-11989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sol Bekic updated CB-11989:
---------------------------
Description:
It appears to be currently impossible to set the {{acceptThirdPartyCookies}} option for [android.webkit.CookieManager|https://developer.android.com/reference/android/webkit/CookieManager.html] or a similar security measure (there is no method {{setAcceptThirdPartyCookies}} in {{ICordovaCookieManager}}, it's default implementation or the Crosswalk implementation).
Yet in our app we can clearly observe (and suffer the consequences) of some security mechanism stripping {{Cookie}} and {{Set-Cookie}} headers from requests leaving the currently-visited domain, regardless of {{access}} and {{allow-origin}} rules in the config.xml.
in Version 4.* the {{CordovaWebView}} extended {{android.webkit.WebView}} and so a fix was merged in issue CB-8026 apparently, but it seems that there has been a regression.
was:
It appears to be currently impossible to set the 'acceptThirdPartyCookies' option for [android.webkit.CookieManager|https://developer.android.com/reference/android/webkit/CookieManager.html] or a similar security measure (there is no method `setAcceptThirdPartyCookies` in `ICordovaCookieManager`, it's default implementation or the Crosswalk implementation).
Yet in our app we can clearly observe (and suffer the consequences) of some security mechanism stripping `Cookie` and `Set-Cookie` headers from requests leaving the currently-visited domain, regardless of `access` and `allow-origin` rules in the config.xml.
in Version 4.* the `CordovaWebView` extended `android.webkit.WebView` and so a fix was merged in issue CB-8026 apparently, but it seems that there has been a regression.
> 3rd Party Cookie Policy impossible to set
> -----------------------------------------
>
> Key: CB-11989
> URL: https://issues.apache.org/jira/browse/CB-11989
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android
> Affects Versions: 5.1.1
> Reporter: Sol Bekic
>
> It appears to be currently impossible to set the {{acceptThirdPartyCookies}} option for [android.webkit.CookieManager|https://developer.android.com/reference/android/webkit/CookieManager.html] or a similar security measure (there is no method {{setAcceptThirdPartyCookies}} in {{ICordovaCookieManager}}, it's default implementation or the Crosswalk implementation).
> Yet in our app we can clearly observe (and suffer the consequences) of some security mechanism stripping {{Cookie}} and {{Set-Cookie}} headers from requests leaving the currently-visited domain, regardless of {{access}} and {{allow-origin}} rules in the config.xml.
> in Version 4.* the {{CordovaWebView}} extended {{android.webkit.WebView}} and so a fix was merged in issue CB-8026 apparently, but it seems that there has been a regression.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org