RESOLVED FIXED 188783
Cookies not available when requestStorageAccess successfully resolves after "allow" in ITP prompt 
https://bugs.webkit.org/show_bug.cgi?id=188783
Summary Cookies not available when requestStorageAccess successfully resolves after "...
Ulf Liedberg
Reported 2018-08-21 04:36:25 PDT
John Wilander asked me to file a bug here after a bit of discussion on twitter. Not sure if I'm misunderstanding/misusing the Storage Access API but here's my case. When the user answers "allow" on the ITP prompt the cookies are not available in the 3rd party context directly. Not in the requestStorageAccess success callback and not afterwards. If the iframe is __reloaded__ and requestStorageAccess called it's, as expected, automatically successfully resolved and I have access to cookies. Reproduction repo: https://github.com/uliedberg/itp2-test/tree/master/basic-basic-browser-set-cookies-only . I've also put up the main & third party parts on different domains for easier reproduction. The third party iframe page will call hasStorageAccess() on load. * > defaults write com.apple.SafariTechnologyPreview ResourceLoadStatisticsManualPrevalentResource liedberg.org * in Safari Technology Preview 63, clear history and then open: - https://www.alfhild.io/itp2/main/?thirdparty-url=https%3A%2F%2Fwww.liedberg.org%2Fitp2%2Fthirdparty%2F 1. Click "open popup" link (third party in main page) 2. Click "write cookie" link (popup page) 3. Click "close" link (popup page) 4. Click "request access" link (third party in main page) 5. Select "allow" in ITP prompt (main page) - at this point the third party iframe tries to read the cookie but no value 6. Click "read cookie" link (third party in main page) - no value still 7. Click "reload iframe" link (third party in main page) 8. Click "request access" link (third party in main page) - __now__ the cookies are available
Attachments
Patch (2.07 KB, patch)
2018-08-21 14:56 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
John Wilander
Comment 1 2018-08-21 06:36:44 PDT
Thanks, Ulf!
Radar WebKit Bug Importer
Comment 2 2018-08-21 06:37:22 PDT
<rdar://problem/43559215>
John Wilander
Comment 3 2018-08-21 14:56:48 PDT
Created attachment 347705 [details] Patch
John Wilander
Comment 4 2018-08-21 15:01:33 PDT
I found the bug, and it's related to the other bug you reported about the prompt showing the full host names instead of eTLD+1s. The specific code path for the prompt sends the host names instead of the eTLD+1s which means storage access is granted for the host and not the eTLD+1. Then, when cookie resolution happens, there is no storage access entry for the eTLD+1 and thus no cookies. The second code path, i.e. without a prompt, correctly stores and entry for the eTLD+1 and resolution works. Again, thanks for the bug report, Ulf!
John Wilander
Comment 5 2018-08-21 15:25:45 PDT
Comment on attachment 347705 [details] Patch Thanks, Alex!
WebKit Commit Bot
Comment 6 2018-08-21 16:32:39 PDT
Comment on attachment 347705 [details] Patch Clearing flags on attachment: 347705 Committed r235145: <https://trac.webkit.org/changeset/235145>
WebKit Commit Bot
Comment 7 2018-08-21 16:32:41 PDT
All reviewed patches have been landed. Closing bug.
Ulf Liedberg
Comment 8 2018-08-21 23:45:51 PDT
Happy to help!
Note You need to log in before you can comment on or make changes to this bug.