Context:
I have an iOS Cordova application using WKWebView. I need to intercept WKWebView requests which is not possible using http|https scheme (it was possible using UIWebView but I have to move to WKWebView). Therefore I have set in Cordova's config.xml
<content src="xyz://host.domain.com/app" />
<allow-navigation href="xyz://*/*" />
and I have configured WKWebView to handle (intercept) xyz:// scheme:
[configuration setURLSchemeHandler:self forURLScheme:@"xyz"];
After attaching the Safari inspector to my iPhone document.origin outputs xyz://host.domain.com.
Assume a GET to https://host.domain.com/app/foo responds with the following headers:
Set-Cookie: a=1; Domain=host.domain.com; Path=/
Set-Cookie: b=2; Domain=host.domain.com; Path=/; Secure
Set-Cookie: c=3; Domain=host.domain.com; Path=/; Secure; HttpOnly
Using NSURLSessionDataTask to make a GET to https://host.domain.com/app/foo I build the NSHTTPCookie objects from the Set-Cookie response headers above and store them in the WKHTTPCookieStore of my WKWebView using
[wkWebView.configuration.websiteDataStore.httpCookieStore setCookie:cookie completionHandler:^{
NSLog(@"SET COOKIE\n%@", cookie);
}];
as per this answer. The cookies are correctly set and are retrievable using
[wkWebView.configuration.websiteDataStore.httpCookieStore getAllCookies:^(NSArray* cookies) {
//Print cookies
}];
Interesting bit:
After settings the cookies I attach the Safari inspector to my iPhone and:
- Cookie
a=1shows in the Storage of the Safari inspector - Cookie
b=2andc=3do not show in the Storage of the Safari inspector document.cookiealways returns""(JS has no access to the cookies)
Question #1: Why does only cookie a=1 show up in Storage section of Safari inspector?
I was expecting to see all cookies. It seems related to the Secure flag but might be a bug (or feature) in the Safari inspector because inspecting a random site on Google Chrome shows all cookies regardless of Secure flag.
Question #2:
Why does document.cookie always return ""?
Even when doing document.cookie="foo=bar; expires=Tue, 14 Oct 2024 20:23:32 GMT; domain=host.domain.com; path=/" directly in inspector, document.cookie still returns "", like it is read-only for some reason.
Everything worked fine using UIWebView, NSHTTPCookieStorage and standard https scheme. I am at a complete loss in this regard. The only similar questions I could find are this and this but no luck.
Am I missing something really obvious here?
TL;DR
iOS Cordova application using WKWebView and custom url scheme does not expose cookies set in native code to JavaScript (document.cookie is always "").