Search results for

ASWebAuthenticationSession cookie

1,299 results found

Post

Replies

Boosts

Views

Activity

Reply to Different SSO behavior for ASWebAuthenticationSession in iOS 14
Hello, Thanks for your response. The upgrade to iOS 14.5 fixed the issue only for some users, not for all of them. I specified the user-agent just to show you that the user who still experiences this issue has upgraded to iOS 14.5. Here are the details regarding the circumstances in which the problem occurs:
- An in-app browser tab is opened (ASWebAuthenticationSession) to let the user log in to our application (OIDC flow).
- The user authenticates and the authentication server redirects him/her (with a 302) to the authorization endpoint with a set-cookie header containing the session cookies (set-cookie: session=xxxxxxxxxx; path=/; expires=Thu, 20 June 2021 20:25:45 GMT; samesite=none; secure; httponly).
- When calling the authorization endpoint, after redirection, the cookie is not sent to the authentication server by Safari. The cookie header is empty.
What is strange is that this only affects some iOS users on different versions including 14.5 ... Regards,
Topic: Privacy & Security SubTopic: General Tags:
Jun ’21
Doesn't WKAppBoundDomains become by default in iOS15?
WKAppBoundDomains was introduced in iOS 14. It does not allow evaluating JavaScript, touching cookie storage, and more without selected domains. I know this is for privacy and security. When it was introduced, I thought it would become the default behavior in WKWebView. Doesn't WKAppBoundDomains become the default in iOS 15? If not, is there a plan to enable WKAppBoundDomains for all WKWebViews?
0
0
944
Jun ’21
Is ATT required for launching out to web?
My app was recently rejected because of non-compliance with App Tracking Transparency because, while I do not use any kind of tracking in my app whatsoever, I do link out to the website that my company owns, and on that site, there are cookies. I obviously cannot control what the website does as I'm not on that team. Is there any way to launch a website that uses cookies without requiring the ATT popup? I've heard that SFSafariViewController is sufficient but WKWebView is not. Is this true? Is there something I can do to launch to the website (for things like FAQs) but avoid requiring the ATT popup?
8
0
12k
Jun ’21
Sometimes cannot delete WKWebsiteDatastore's cookies which have specific domains
I’ve written code that deletes WKWebView’s cookies that have specific domains. I use WKProcessPool to share cookies with other WKWebViews, so I reset it too. It basically works, but sometimes it fails, once in fifty to a hundred times. A few cookies are still left even though the cookies’ domains match the target domains. Any advice?

    import WebKit

    extension WKWebsiteDataStore {
        func deleteCookies(with domains: [String]) {
            // reset processpool
            InAppDataManager.resetWKProcessPool()
            // delete cookies with specific domains after fetching all cookies
            self.fetchDataRecords(ofTypes: WKWebsiteDataStore.allWebsiteDataTypes()) { [unowned self] records in
                self.httpCookieStore.getAllCookies() { (cookies) in
                    cookies
                        .filter { cookie in
                            // keep only cookies whose domain exactly matches a target domain
                            guard let _ = domains.first(where: { $0 == cookie.domain }) else { return false }
                            return true
                        }
                        .forEach { cookie in
                            self.httpCookieStore.delete(cookie)
                        }
                }
            }
        }
    }
Topic: Safari & Web SubTopic: General Tags:
0
0
610
Jun ’21
Reply to ASWebAuthenticationSession's callbackURLScheme crash
ASWebAuthenticationSession does not require any modification in your Info.plist. This exception happens because the value that was passed to callbackURLScheme contained either a : or / character. In most cases, this means you passed something like myscheme://, which is not valid. The correct value to pass in this case is just myscheme (no trailing ://).
Topic: App & System Services SubTopic: Core OS Tags:
Jun ’21
Reply to Different SSO behavior for ASWebAuthenticationSession in iOS 14
> The upgrade to iOS 14.5 fixed

Great news!

> For example, this issue persists with a user with this user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Mobile/15E148 Safari/604.1. From the logs I can see that, with ASWebAuthenticationSession, cookies are correctly set by our server in the set-cookie header but are not sent by Safari in the following calls. To be precise, we only use first-party cookies.

I'm confused about what the User-Agent string has to do with the issue persisting. Are you able to provide any more information about the non-working case? Have these users not updated to iOS 14.5 yet?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Topic: Privacy & Security SubTopic: General Tags:
Jun ’21
Cookie storages HTTPCookieStorage & WKHTTPCookieStore sync issue
Hello, community. We have an issue with synchronizing the cookies between the HTTPCookieStorage and WKHTTPCookieStore storages. We use REST API requests and WKWebView as part of the application. The customer environment is directly linked to cookies, so WKWebView and URLRequests can both change cookies, and we need to check/sync the actual cookies in both storages after completing requests. As we know, by default, out of the box, there is sync from HTTPCookieStorage to WKHTTPCookieStore, and there is no sync from WKHTTPCookieStore to HTTPCookieStorage. But, as we know from the forum questions, the out-of-the-box sync has not been working since iOS 11.3. We created a custom CookieSync manager, which manually synchronizes cookies between storages after each request (API and WebView), with storage priority. For the manager, we use the same WKWebsiteDataStore as for each WKWebView object. From our debugging and testing results, we know that the storages don't synchronize correctly. Maybe this
0
0
981
May ’21
Reply to Different SSO behavior for ASWebAuthenticationSession in iOS 14
Hello, Do you have some feedback regarding this fix? The upgrade to iOS 14.5 fixed the issue for some of our users but not for all of them. For example, this issue persists with a user with this user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Mobile/15E148 Safari/604.1. From the logs I can see that, with ASWebAuthenticationSession, cookies are correctly set by our server in the set-cookie header but are not sent by Safari in the following calls. To be precise, we only use first-party cookies. This concerns a very small number of users but they are completely blocked with no other solution than to reset their iPhone or to buy a new one. Regards,
Topic: Privacy & Security SubTopic: General Tags:
May ’21
Sign in with Apple + Face/Touch ID + NodeJS/PassportJS
Hey there, I'm currently developing an iOS app that communicates with a NodeJS server as a backend. The server uses passport.js as an authentication middleware to allow users to log in and authenticate requests to the server. I want to implement Sign in with Apple functionality to allow users to sign in with their existing Apple ID and I found a few passport plugins to support this functionality. My question is, is it possible to integrate Touch/Face ID with this login/authentication flow? The desired outcome I'm looking for is: user presses Sign in with Apple button --> iOS app prompts them with Touch/FaceID modal --> on success user account is created if it doesn't exist and/or user is logged in and iOS client receives a token or cookie for subsequent requests (the logic for this would be handled server side via passport). The closest I've come to the desired outcome is the user presses Sign in with Apple button which opens a web view containing Apple's sign-in web page which then prompts them
0
0
2k
May ’21
ASWebAuthenticationSession doesn't share localStorage and cookies with Safari
I'm testing ASWebAuthenticationSession with a site that has a counter increased each time the page loads and saved to localStorage to make sure ASWebAuthenticationSession shares data with the site. The result was that ASWebAuthenticationSession in the app and Safari don't share localStorage, even though the app presents a pop-up to allow sharing data between the app and localhost (the site is localhost). I then tested with a cookie (expires in 1 day); it didn't get shared either. This is opposite to the behavior documented. Device: iPhone 11 Simulator, iOS 14.5. IDE: Xcode 12.5 on macOS Big Sur - MacBook Pro M1
0
0
978
May ’21
Safari 14 - Cookies are not sent for XHR requests on a subdomain
It seems to be a question that comes up often in different ways, but despite several hours of research I still haven't found a solution. I currently face an issue in Safari 14 on macOS Big Sur where cookies are never sent by Safari on XMLHttpRequests to an API on the same root domain. Indeed, I'm working on an Angular SPA where the client app is locally hosted at https://myapp.local and for testing purposes I have an API running locally on https://api.myapp.local. For some requests, we need to attach 2 cookies that are originally set by the API. I am able to see the said cookies in the API responses and in the storage section of Safari's DevTools, however they are never sent back to the server for subsequent XHR requests (XHR with credentials). I did try different cookie attributes but none of my tries were successful:
- sameSite=None, domain=myapp.local, Secure, httpOnly
- sameSite=Lax, domain=myapp.local, Secure, httpOnly
The only way I found to get around the problem was to d
3
0
5.1k
May ’21
Apple sign-in troubles with use case
Hello, I'm currently struggling to figure out how I can make Apple sign in work with my app configuration. Maybe I'm just dumb, but I really can't figure out what I need to do to make it work. So I have a Next.js app set up server-side rendering my React frontend, and on a separate server, I have a Node.js (specifically Adonis.js) backend/API which I use to handle auth and sessions. I have both Facebook and Google OAuth2 logins set up and working perfectly, where I'm receiving a code as a query param in my callback URL to my frontend, which the client then sends to my backend/API, which uses that code with the provider (FB or Google) to get their email, name, and any other data I could use to prevent the user from having to add later, and either create the user and log them in, or just log them in if they already exist using cookies. I don't need any sort of write access to their third party account, or anything more than reading their name and email so they don't have to enter it themselves,
2
0
3.1k
May ’21