El vie, 16-09-2016 a las 20:31 -0500, Michael Catanzaro escribió:
> Hi,
> In [1] a user discovered that Google Inbox is broken in Epiphany only
> when used as a web app. The problem is that when creating a web app,
> we
> copy all cookies for the web app's domain into the web app profile
> dir,
> but no other cookies. Turns out Inbox depends on third-party cookies
> (actually cookies from a different google domain) and breaks if Inbox
> cookies are present without those other cookies. It uses frames,
> which
> must be why our normal cookie policy (block third party cookies by
> default) doesn't break Inbox.
> Possible fixes:
>  * Copy no cookies. User needs to log in again the first time the web
> app is opened. One time cost. I'm leaning toward this right now, but
> it
> seems a shame to remove this feature to work around a Google bug.
>  * Copy all cookies. Almost all the cookies saved in the web app's
> profile directory will then be unnecessary, and it will be impossible
> to ever clear them.
>  * Copy cookies only from the second-level domain (google.com). I
> expect it would fix this case, but what if other sites have the same
> problem. Also, this seems strange because it doesn't parallel the
> normal security model for the web; subdomains are not trusted by
> parent
> domains.
> Thoughts, preferences, suggestions?

If it's a gmail specific issue I would handle that as such, so when the
web app is for gmail I would not copy any cookie.

> Michael
> [1] https://bugzilla.gnome.org/show_bug.cgi?id=771540
> _______________________________________________
> epiphany-list mailing list
> epiphany-list@gnome.org
> https://mail.gnome.org/mailman/listinfo/epiphany-list
Carlos Garcia Campos

Attachment: signature.asc
Description: This is a digitally signed message part

epiphany-list mailing list

Reply via email to