abhinavms opened a new issue #1228: URL: https://github.com/apache/cordova-ios/issues/1228
# Bug Report ## Problem Even after allowing cross-site tracking in the app setting to disable ITP, the 3rd party cookies are still not being set in iframe. The Storage Access API denies the request to access storage. This causes login to fail in the iframe. ### What is expected to happen? Cookies should be stored and sent in every request ### What does actually happen? Cookies are not being stored ## Information <!-- Include all relevant information that might help understand and reproduce the problem --> I have created a sample application to illustrate the problem. Link - https://github.com/abhinavms/cordova-3rdparty-cookie The webview loads URL [abhinavms.github.io/cookieTest](https://abhinavms.github.io/cookieTest/). It has an iframe that loads [cookie-set-test.herokuapp](https://cookie-set-test.herokuapp.com/) ([Source code](https://github.com/abhinavms/cookie)). [cookie-set-test.herokuapp](https://cookie-set-test.herokuapp.com/) sends a request to set a cookie and verify if the cookie was set. It also displays if the Storage Access API has granted access. With the latest Xcode version, it is observed that the cookie is never being set in the iframe unless already a first-party cookie was available. This issue was also reproducible in iOS 12.4, which doesn't have ITP Observations 1. The iframe does not have the Storage Access API, therefore cookies are not being stored 2. document.requestStorageAccess() is denying the request to access storage to save cookies 3. If the 3rd party domain already has a 1st party cookie, then storage access is given and it can load in the iframe ### Environment, Platform, Device <!-- In what environment, on what platform or on which device are you experiencing the issue? --> Xcode 13.3 iOS 15.3, 12.4 ## Checklist <!-- Please check the boxes by putting an x in the [ ] like so: [x] --> - [x] I searched for existing GitHub issues - [x] I updated all Cordova tooling to most recent version - [x] I included all the necessary information above -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
