NEW 188691
REGRESSION (iOS 12): WKWebView cookies are empty in responseHeaders 
https://bugs.webkit.org/show_bug.cgi?id=188691
Summary REGRESSION (iOS 12): WKWebView cookies are empty in responseHeaders
Raghavendra
Reported 2018-08-16 21:23:15 PDT
in IOS11 cookies can be read in decidePolicyForNavigationResponse as specified below. - (void)webView:(WKWebView *)webView decidePolicyForNavigationResponse:(WKNavigationResponse *)navigationResponse decisionHandler:(void (^)(WKNavigationResponsePolicy))decisionHandler { NSDictionary *allFields = [(NSHTTPURLResponse*)response allHeaderFields]; NSArray *cookies = [NSHTTPCookie cookiesWithResponseHeaderFields:allFields forURL:[NSURL URLWithString:@""]]; //in iOS11 all cookies array contain all cookies //in IOS12 beta, cookies are empty. } Since WkWebView default cookie APIs are still not providing correct cookie information, it is very important to rely cookie information from WkWebView Delegate Callbacks. In iOS 12 Beta 8, we are seeing the Cookies are empty. To confirm again, Cookie information can be read in iOS11.2.x+ WkWebView.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2018-08-17 16:56:49 PDT
<rdar://problem/43445256>
Chris Dumez
Comment 2 2018-08-17 18:03:33 PDT
Yes, this was an intentional behavior change.
John Polston
Comment 3 2018-08-17 18:08:40 PDT
Chris, is this intentional just for this build (Beta 8) or is this permanent and if so, is there a documented work-around or alternate method?
Geoffrey Garen
Comment 4 2018-08-17 20:34:12 PDT
> Since WkWebView default cookie APIs are still not providing correct cookie > information Can you clarify this problem?
Raghavendra
Comment 5 2018-08-18 09:28:38 PDT
WKHTTPCookieStore has below API to fetch cookies. - (void)getAllCookies:(void (^)(NSArray<NSHTTPCookie *> *))completionHandler; But the API does not work consistently. Sometimes it gets the cookies and sometimes it provides the old cookies even though new Cookies or updated cookies are available. This API has not worked in iOS11 too and it's inconsistent behavior is continues to be there in iOS12 beta too. What is the reason for not allowing apps to read cookies from headers? Each application is different, framework/platform should be rich to provide the required details through appropriate APIs. By fencing/curtailing capabilities do not add any value to users through development eco system.
Sihui Liu
Comment 6 2018-08-22 22:35:23 PDT
(In reply to Raghavendra from comment #5) > WKHTTPCookieStore has below API to fetch cookies. > - (void)getAllCookies:(void (^)(NSArray<NSHTTPCookie *> *))completionHandler; > > But the API does not work consistently. Sometimes it gets the cookies and > sometimes it provides the old cookies even though new Cookies or updated > cookies are available. > This API has not worked in iOS11 too and it's inconsistent behavior is > continues to be there in iOS12 beta too. > > > What is the reason for not allowing apps to read cookies from headers? Each > application is different, framework/platform should be rich to provide the > required details through appropriate APIs. By fencing/curtailing > capabilities do not add any value to users through development eco system. Could you provide a test case where getAllCookies of WKHTTPCookieStore returns wrong cookies?
bchenindeed
Comment 7 2018-08-24 15:24:21 PDT
(In reply to John Polston from comment #3) > Chris, is this intentional just for this build (Beta 8) or is this permanent > and if so, is there a documented work-around or alternate method? Yes. Would like an update on this as well. I'm guessing this might be a fairly impactful decision for a number of developers.
Sihui Liu
Comment 8 2018-08-29 11:04:48 PDT
HTTP headers in response are filtered for security. https://bugs.webkit.org/show_bug.cgi?id=184310 The intended way to retrieve cookies now is via WKHTTPCookieStore API. For cases it doesn't work as expected, please file a bug so we could improve it.
bchenindeed
Comment 9 2018-08-29 13:22:43 PDT
Done: https://bugs.webkit.org/show_bug.cgi?id=188995
Lorenzo Boaro
Comment 10 2018-10-22 06:18:01 PDT
This change has a deep impact. Currently WKWebView does not offer an API to deal with third part cookies as per https://bugs.webkit.org/show_bug.cgi?id=140205. WKHTTPCookieStore does not have an API in order to deal with this scenario. Any workaround in the short term? Thanks, Lorenzo
Note You need to log in before you can comment on or make changes to this bug.