Bug 210598
| Summary: | Cannot disable Javascript access to cookies or local storage in WKWebView | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Robbie Gibson <rkgibson> |
| Component: | WebKit API | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | achristensen, ajuma, beidson, ggaren, mjs, webkit-bug-importer, wilander |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | iPhone / iPad | ||
| OS: | All | ||
Robbie Gibson
Chrome on iOS wants to improve our settings around cookie blocking, especially around third party cookies. We would like to allow users to block cookies or third-party cookies on some or all domains so users have more control over their own privacy.
Currently, the Content Blocker API allows us to do most of this, but it only affects requests. There is no API to block Javascript access to cookies and other local storage. Using just the Content Blocker rules to block cookies on foo.com would still allow Javascript on that page access. Similarly, blocking third-party cookies would still allow a third party iframe to access cookies via Javascript.
There are injectable Javascript solutions (e.g. 207545) that can disable access, but these are difficult to control (i.e. only block on specific urls or only block on iframes with certain top urls).
We could introduce these settings if we were given a way to disable access to cookies and local storage on a per-frame basis, depending on the url/origin of the frame and the top url.
Radar filed at 7665762
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
rdar://problem/61882584