Bug 188691 - REGRESSION (iOS 12): WKWebView cookies are empty in responseHeaders
Summary: REGRESSION (iOS 12): WKWebView cookies are empty in responseHeaders
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Local Build
Hardware: iPhone / iPad Unspecified
: P1 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-08-16 21:23 PDT by Raghavendra
Modified: 2019-08-13 08:18 PDT (History)
15 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Raghavendra 2018-08-16 21:23:15 PDT
in IOS11 cookies can be read in decidePolicyForNavigationResponse as specified below.

- (void)webView:(WKWebView *)webView decidePolicyForNavigationResponse:(WKNavigationResponse *)navigationResponse decisionHandler:(void (^)(WKNavigationResponsePolicy))decisionHandler
{
 
NSDictionary *allFields = [(NSHTTPURLResponse*)response allHeaderFields];
NSArray *cookies = [NSHTTPCookie cookiesWithResponseHeaderFields:allFields forURL:[NSURL URLWithString:@""]];
//in iOS11 all cookies array contain all cookies
//in IOS12 beta, cookies are empty.

}

Since WkWebView default cookie APIs are still not providing correct cookie information, it is very important to rely cookie information from WkWebView Delegate Callbacks.
In iOS 12 Beta 8, we are seeing the Cookies are empty. 
To confirm again, Cookie information can be read in iOS11.2.x+ WkWebView.
Comment 1 Radar WebKit Bug Importer 2018-08-17 16:56:49 PDT
<rdar://problem/43445256>
Comment 2 Chris Dumez 2018-08-17 18:03:33 PDT
Yes, this was an intentional behavior change.
Comment 3 John Polston 2018-08-17 18:08:40 PDT
Chris, is this intentional just for this build (Beta 8) or is this permanent and if so, is there a documented work-around or alternate method?
Comment 4 Geoffrey Garen 2018-08-17 20:34:12 PDT
> Since WkWebView default cookie APIs are still not providing correct cookie
> information

Can you clarify this problem?
Comment 5 Raghavendra 2018-08-18 09:28:38 PDT
WKHTTPCookieStore has below API to fetch cookies.
- (void)getAllCookies:(void (^)(NSArray<NSHTTPCookie *> *))completionHandler;

But the API does not work consistently. Sometimes it gets the cookies and sometimes it provides the old cookies even though new Cookies or updated cookies are available.
This API has not worked in iOS11 too and it's inconsistent behavior is continues to be there in iOS12 beta too.


What is the reason for not allowing apps to read cookies from headers? Each application is different, framework/platform should be rich to provide the required details through appropriate APIs. By fencing/curtailing capabilities do not add any value to users through development eco system.
Comment 6 Sihui Liu 2018-08-22 22:35:23 PDT
(In reply to Raghavendra from comment #5)
> WKHTTPCookieStore has below API to fetch cookies.
> - (void)getAllCookies:(void (^)(NSArray<NSHTTPCookie *> *))completionHandler;
> 
> But the API does not work consistently. Sometimes it gets the cookies and
> sometimes it provides the old cookies even though new Cookies or updated
> cookies are available.
> This API has not worked in iOS11 too and it's inconsistent behavior is
> continues to be there in iOS12 beta too.
> 
> 
> What is the reason for not allowing apps to read cookies from headers? Each
> application is different, framework/platform should be rich to provide the
> required details through appropriate APIs. By fencing/curtailing
> capabilities do not add any value to users through development eco system.

Could you provide a test case where getAllCookies of WKHTTPCookieStore returns wrong cookies?
Comment 7 bchenindeed 2018-08-24 15:24:21 PDT
(In reply to John Polston from comment #3)
> Chris, is this intentional just for this build (Beta 8) or is this permanent
> and if so, is there a documented work-around or alternate method?

Yes.  Would like an update on this as well.  I'm guessing this might be a fairly impactful decision for a number of developers.
Comment 8 Sihui Liu 2018-08-29 11:04:48 PDT
HTTP headers in response are filtered for security. https://bugs.webkit.org/show_bug.cgi?id=184310

The intended way to retrieve cookies now is via WKHTTPCookieStore API. For cases it doesn't work as expected, please file a bug so we could improve it.
Comment 9 bchenindeed 2018-08-29 13:22:43 PDT
Done: https://bugs.webkit.org/show_bug.cgi?id=188995
Comment 10 Lorenzo Boaro 2018-10-22 06:18:01 PDT
This change has a deep impact.

Currently WKWebView does not offer an API to deal with third part cookies as per https://bugs.webkit.org/show_bug.cgi?id=140205.

WKHTTPCookieStore does not have an API in order to deal with this scenario.

Any workaround in the short term?

Thanks,
Lorenzo