El vie, 16-09-2016 a las 20:31 -0500, Michael Catanzaro escribió: > Hi, > > In [1] a user discovered that Google Inbox is broken in Epiphany only > when used as a web app. The problem is that when creating a web app, > we > copy all cookies for the web app's domain into the web app profile > dir, > but no other cookies. Turns out Inbox depends on third-party cookies > (actually cookies from a different google domain) and breaks if Inbox > cookies are present without those other cookies. It uses frames, > which > must be why our normal cookie policy (block third party cookies by > default) doesn't break Inbox. > > Possible fixes: > > * Copy no cookies. User needs to log in again the first time the web > app is opened. One time cost. I'm leaning toward this right now, but > it > seems a shame to remove this feature to work around a Google bug. > * Copy all cookies. Almost all the cookies saved in the web app's > profile directory will then be unnecessary, and it will be impossible > to ever clear them. > * Copy cookies only from the second-level domain (google.com). I > expect it would fix this case, but what if other sites have the same > problem. Also, this seems strange because it doesn't parallel the > normal security model for the web; subdomains are not trusted by > parent > domains. > > Thoughts, preferences, suggestions?
If it's a gmail specific issue I would handle that as such, so when the web app is for gmail I would not copy any cookie. > Michael > > [1] https://bugzilla.gnome.org/show_bug.cgi?id=771540 > _______________________________________________ > epiphany-list mailing list > epiphany-list@gnome.org > https://mail.gnome.org/mailman/listinfo/epiphany-list -- Carlos Garcia Campos http://pgp.rediris.es:11371/pks/lookup?op=get&search=0xF3D322D0EC4582C3
signature.asc
Description: This is a digitally signed message part
_______________________________________________ epiphany-list mailing list epiphany-list@gnome.org https://mail.gnome.org/mailman/listinfo/epiphany-list
