Faisal Akhtar created CB-13655:
----------------------------------
Summary: Android Cordova App with IFrames Chrome 63 No Request
Headers Cookies
Key: CB-13655
URL: https://issues.apache.org/jira/browse/CB-13655
Project: Apache Cordova
Issue Type: Bug
Components: cordova-android
Environment: Chrome 63 android devices
Reporter: Faisal Akhtar
Assignee: Joe Bowser
Priority: Blocker
Since the release of Chrome 63 on Android, on the 6th December 2017, I have
encountered a problem with my companies Cordova based Android app. This app
includes IFrames that allow users to navigate parts of my companies eCommerce
website from within the app.
The navigation between pages loaded in the IFrames no longer send any cookie
information in the Request Headers.
Information such as Session Ids that are stored in a cookie are not passed
across to the next page, which in turn causes the next page to start a whole
new user session!
What is strange however is that any AJAX calls preformed within a page on the
IFrames (e.g. To retrieve the number of items in the basket) and asset requests
(css js, image files etc) do send cookie information in the request headers
fine. The session id in these headers are identical between pages, indicating
session persistence.
Cookies are being created ok and I can see them when using the Chrome developer
tools within the Application panel under the companies domain. They just aren't
being passed to the next page.
I experienced this issue on an Android 7.1.1 device. When I disable the Chrome
app on this device the cookie request headers in the IFrames in the app begin
to work fine again, presumably the Cordova Webview is no longer using Chrome
when it is disabled?
Does anyone know what may be causing this issue? Could it be anything related
to SameSite cookies or Strict site isolation changes or other security related
changes in Chrome 63?
The issue appears similar to this Chromium bug that was fixed October 2016:
https://bugs.chromium.org/p/chromium/issues/detail?id=634311
The Webview does however have ThirdParty cookies enabled in the
SystemCookieManager class of the Cordova library (Cordova Android 6.4.0):
{code:java}
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
cookieManager.setAcceptThirdPartyCookies(webView, true);
}
{code}
Apologies if I haven't specified anything clearly enough. I'm happy to provide
additional information if anyone can help with this issue.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
