cordova-plugin-wkwebview-engine icon indicating copy to clipboard operation
cordova-plugin-wkwebview-engine copied to clipboard

Published 20 hours ago verified publisher icon apache

WKWebView does not update document.cookie

Open EiyuuZack opened this issue 5 years ago • 0 comments

Bug Report

Problem

I have an iOS Cordova application where I need to intercept requests. I have extended CDVWKWebViewEngine to set a custom scheme handler

- (WKWebViewConfiguration*) createConfigurationFromSettings:(NSDictionary*)settings{
    WKWebViewConfiguration *configuration = [super createConfigurationFromSettings:settings];
    
    [configuration setURLSchemeHandler:self forURLScheme:@"myapp"];
    
    return configuration;
}

My Cordova app loads using that scheme in order to intercept the first (and following) requests. I have the following in my config.xml file

<content src="myapp://host.domain.com/app/" />
<allow-navigation href="myapp://*/*" />

After intercepting and the request in startURLSchemeTask, I massage the request as required, replace myapp with https and send it using NSURLSessionDataTask.

Upon receiving the response I just pass it on to the WKWebView. When a response contains a Set-Cookie header I expect the cookie to be set by the WKWebView.

Example cookie header: Set-Cookie: foo=bar; Domain=host.domain.com; Path=/

However the Safari inspector shows no cookie and document.cookie is always empty.

What is expected to happen?

The cookie is set by WKWebView shows in Safari inspector and it can be accessed through document.cookie.

What does actually happen?

The cookie is not shown in Safari inspector and document.cookie returns empty. In fact just trying to do document.cookie="name=value" directly in the Safari inspector does nothing -- document.cookie still returns "".

Information

The Set-Cookie header is present in the response that is passed onto the WKWebView. Screenshot 2019-06-19 at 16 43 14

Command or Code

  1. Load the app using a custom scheme (e.g. myscheme).

  2. Attach and open the Safari inspector and validate window.origin starts with mycheme://... and that document.domain is correct (host.domain.com in my example)

  3. Perform a XHR request to a myscheme://url that returns a cookie like in the example above. Intercept the request, change the scheme to https, send it using NSURLSessionDataTask and return the response to WKWebView.

  4. In Safari inspector check the request & response presence in the Network tab

  5. Open Storage tab and validate the cookie returned in the header is missing

  6. Type document.cookie in console and it will return ""

  7. Optional: type document.cookie="foo=bar" and validate it remains empty

Environment, Platform, Device

iPhone device or simulator -- happens anywhere.

Version information

cordova-cli 9.0.0 cordova-ios 4.5.5 Xcode 10.2.1

Checklist

  • [x] I searched for existing GitHub issues
  • [ ] I updated all Cordova tooling to most recent version
  • [x] I included all the necessary information above

EiyuuZack avatar Jun 19 '19 16:06 EiyuuZack