
Cookies are not working in an iframe in Android Webview

One user of my Webview based browser app reported an issue with embedding Google Calendar in an iframe. It looks like the iframe loaded by Android Webview (latest version from Google Play, tested with Android 6) can't read or set any cookies.

The issue is not present in Google Chrome on the same device. It seems to be related to Android Webview only.

I can reproduce the issue with the following site.

    <!DOCTYPE html>
    <html>
    <head>
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
    </head>
    <body>
    <a href="http://www.w3schools.com/js/js_cookies.asp">Cookies Management</a>
    <br><br>
    <iframe style="margin-top: 30px; border-width: 1px;" src="http://www.w3schools.com/js/js_cookies.asp" width="400" height="672" scrolling="yes"></iframe>
    </body>
    </html>

If you open the cookie site via the link in the main frame, you can set/read cookies with the buttons "Create Cookie..." or "Display All Cookies". In the iframe, however, displaying all cookies always returns an empty result. Even if you create a cookie in the iframe, displaying all cookies then gets an empty result.

Are there any Webview settings affecting this behaviour?

Alexey Ozerov asked Jul 30 '16 09:07



1 Answer

I don't know why, but the behaviour can be improved by enabling third-party cookies like this:

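    // setAcceptThirdPartyCookies() exists from API 21 (Lollipop); apps targeting API 21+ have it off by default.
    if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.LOLLIPOP) {
        android.webkit.CookieManager.getInstance().setAcceptThirdPartyCookies(webView, true);
    }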

After doing so the cookies are working in an iFrame as expected.

Alexey Ozerov answered Sep 18 '22 20:09
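
The setting in the answer applies to the whole WebView, so every third-party frame on every page gets cookie access. The sketch below is an added example, not part of the original answer: it turns the setting on only while the top-level page is on an allowlist. The class name and the hosts are hypothetical, and it assumes a change made in `onPageStarted` takes effect for the frames that page then loads.

```java
import android.graphics.Bitmap;
import android.net.Uri;
import android.os.Build;
import android.webkit.CookieManager;
import android.webkit.WebView;
import android.webkit.WebViewClient;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper: scopes third-party cookies to allowlisted top-level pages. */
public class ScopedThirdPartyCookieClient extends WebViewClient {

    // Constructed sample allowlist: top-level hosts whose embedded iframes need cookies.
    private static final Set<String> ALLOWED_TOP_LEVEL_HOSTS =
            new HashSet<>(Arrays.asList("intranet.example.com", "portal.example.com"));

    /** Exact host match over HTTPS only, so "portal.example.com.other.test" is rejected. */
    static boolean isAllowedTopLevel(String url) {
        if (url == null) return false;
        Uri uri = Uri.parse(url);
        String host = uri.getHost(); // null for URLs without an authority (data:, javascript:)
        return "https".equalsIgnoreCase(uri.getScheme())
                && host != null
                && ALLOWED_TOP_LEVEL_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    // Called once per main-frame load, so 'url' is the top-level page, not the iframe.
    @Override
    public void onPageStarted(WebView view, String url, Bitmap favicon) {
        super.onPageStarted(view, url, favicon);
        // The per-WebView setter was added in API 21; older releases have no such switch.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
            CookieManager.getInstance()
                    .setAcceptThirdPartyCookies(view, isAllowedTopLevel(url));
        }
    }
}
```

Install it with `webView.setWebViewClient(new ScopedThirdPartyCookieClient())` and check on the WebView versions you support that frames on non-allowlisted pages still see an empty `document.cookie`.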