Bug 180922
| Summary: | Intelligent Tracking Prevention removes cookie in a first-party context | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | jaffadog |
| Component: | WebKit Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED WORKSFORME | ||
| Severity: | Normal | ||
| Priority: | P2 | ||
| Version: | Safari 11 | ||
| Hardware: | Mac | ||
| OS: | macOS 10.13 | ||
jaffadog
Safari 11.0.1 on MacOS 10.13.1. Issue also reproducible on iOS devices.
When I visit https://mywindy.com/ I see the site issues an auth_token session cookie in the response to the first request. However, Safari does not submit that cookie in subsequent requests to https://mywindy.com/ leading to 401s. The issue manifests when "prevent cross-site tracking" is checked, and does not manifest when that option is unchecked. This would seem to be a simple first-party context situation.
Regards,
Jeremy
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
jaffadog
investigating further to properly characterize the issue...