cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Faisal Akhtar (JIRA)" <>
Subject [jira] [Created] (CB-13655) Android Cordova App with IFrames Chrome 63 No Request Headers Cookies
Date Mon, 11 Dec 2017 15:43:00 GMT
Faisal Akhtar created CB-13655:

             Summary: Android Cordova App with IFrames Chrome 63 No Request Headers Cookies
                 Key: CB-13655
             Project: Apache Cordova
          Issue Type: Bug
          Components: cordova-android
         Environment: Chrome 63 android devices 
            Reporter: Faisal Akhtar
            Assignee: Joe Bowser
            Priority: Blocker

Since the release of Chrome 63 on Android, on the 6th December 2017, I have encountered a
problem with my companies Cordova based Android app. This app includes IFrames that allow
users to navigate parts of my companies eCommerce website from within the app.

The navigation between pages loaded in the IFrames no longer send any cookie information in
the Request Headers.

Information such as Session Ids that are stored in a cookie are not passed across to the next
page, which in turn causes the next page to start a whole new user session!

What is strange however is that any AJAX calls preformed within a page on the IFrames (e.g.
To retrieve the number of items in the basket) and asset requests (css js, image files etc)
do send cookie information in the request headers fine. The session id in these headers are
identical between pages, indicating session persistence.

Cookies are being created ok and I can see them when using the Chrome developer tools within
the Application panel under the companies domain. They just aren't being passed to the next

I experienced this issue on an Android 7.1.1 device. When I disable the Chrome app on this
device the cookie request headers in the IFrames in the app begin to work fine again, presumably
the Cordova Webview is no longer using Chrome when it is disabled?

Does anyone know what may be causing this issue? Could it be anything related to SameSite
cookies or Strict site isolation changes or other security related changes in Chrome 63?

The issue appears similar to this Chromium bug that was fixed October 2016:

The Webview does however have ThirdParty cookies enabled in the SystemCookieManager class
of the Cordova library (Cordova Android 6.4.0):

            cookieManager.setAcceptThirdPartyCookies(webView, true);


Apologies if I haven't specified anything clearly enough. I'm happy to provide additional
information if anyone can help with this issue.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message