Bug 281385
Summary: | Safari 18.0 Browser Extensions Fail to Set Cookies while expirationDate Exists | ||
---|---|---|---|
Product: | WebKit | Reporter: | K <khaledenglish> |
Component: | WebKit Extensions | Assignee: | Timothy Hatcher <timothy> |
Status: | RESOLVED FIXED | ||
Severity: | Critical | CC: | timothy, webkit-bug-importer |
Priority: | P2 | Keywords: | InRadar |
Version: | Safari 18 | ||
Hardware: | All | ||
OS: | macOS 15 | ||
Bug Depends on: | 283110 | ||
Bug Blocks: |
K
Starting from Safari 18.0, browser extensions (on iOS, iPadOS, and macOS) cannot set persistent cookies using `browser.cookies.set()` if the parameter `expirationDate` is present.
For example,
(a) this does not set cookies (the result of `browser.cookies.get("cookie_name")` is null:
=============================
browser.cookies.set({
name: "cookie_name",
url: "url_string_goes_here",
value: "jwt_token_goes_here",
domain: "domain_string_goes_here",
secure: true,
sameSite: "lax",
expirationDate: number_of_seconds_to_live
});
while (b) this works:
=====================
browser.cookies.set({
name: "cookie_name",
url: "url_string_goes_here",
value: "jwt_token_goes_here",
domain: "domain_string_goes_here",
secure: true,
sameSite: "lax",
});
HOWEVER, (b) is now a "session" cookie that cannot be used to save JWTs. The moment the user closes the browser, they need to login again!
This problem started from Safari 18.0, and did not exist in Safari 17.
The current released of Safari (i.e., 18.0.1) still has this bug.
Reference: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/cookies/set
Attachments | ||
---|---|---|
Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/137812683>
Timothy Hatcher
Pull request: https://github.com/WebKit/WebKit/pull/35559
EWS
Committed 285552@main (b66e4895df40): <https://commits.webkit.org/285552@main>
Reviewed commits have been landed. Closing PR #35559 and removing active labels.
EWS
Committed 283286.357@safari-7620-branch (2e81a87a6d53): <https://commits.webkit.org/283286.357@safari-7620-branch>
Reviewed commits have been landed. Closing PR #2124 and removing active labels.