Context:
I have an iOS Cordova application using WKWebView. I need to intercept WKWebView requests, which is not possible using the http|https scheme (it was possible using UIWebView, but I have to move to WKWebView). Therefore I have set in Cordova's config.xml
<content src="xyz://host.domain.com/app" />
<allow-navigation href="xyz://*/*" />
and I have configured WKWebView to handle (intercept) the xyz:// scheme:
[configuration setURLSchemeHandler:self forURLScheme:@"xyz"];
After attaching the Safari inspector to my iPhone, document.origin outputs xyz://host.domain.com.
Assume a GET to https://host.domain.com/app/foo responds with the following headers:
Set-Cookie: a=1; Domain=host.domain.com; Path=/
Set-Cookie: b=2; Domain=host.domain.com; Path=/; Secure
Set-Cookie: c=3; Domain=host.domain.com; Path=/; Secure; HttpOnly
Using NSURLSessionDataTask to make a GET to https://host.domain.com/app/foo, I build the NSHTTPCookie objects from the Set-Cookie response headers above and store them in the WKHTTPCookieStore of my WKWebView using
[wkWebView.configuration.websiteDataStore.httpCookieStore setCookie:cookie completionHandler:^{
NSLog(@"SET COOKIE\n%@", cookie);
}];
as per this answer. The cookies are correctly set and are retrievable using
[wkWebView.configuration.websiteDataStore.httpCookieStore getAllCookies:^(NSArray* cookies) {
//Print cookies
}];
Interesting bit:
After setting the cookies I attach the Safari inspector to my iPhone and:
- Cookie a=1 shows in the Storage of the Safari inspector
- Cookies b=2 and c=3 do not show in the Storage of the Safari inspector
- document.cookie always returns "" (JS has no access to the cookies)
Question #1: Why does only cookie a=1 show up in the Storage section of the Safari inspector?
I was expecting to see all cookies. It seems related to the Secure flag but might be a bug (or feature) in the Safari inspector, because inspecting a random site in Google Chrome shows all cookies regardless of the Secure flag.
Question #2: Why does document.cookie always return ""?
Even when doing document.cookie="foo=bar; expires=Tue, 14 Oct 2024 20:23:32 GMT; domain=host.domain.com; path=/" directly in the inspector, document.cookie still returns "", like it is read-only for some reason.
Everything worked fine using UIWebView, NSHTTPCookieStorage and the standard https scheme. I am at a complete loss in this regard. The only similar questions I could find are this and this but no luck.
Am I missing something really obvious here?
TL;DR
An iOS Cordova application using WKWebView and a custom URL scheme does not expose cookies set in native code to JavaScript (document.cookie is always "").
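
Added example (not part of the original question, and not WebKit code): a small model of the standard cookie rules, applied to the three cookies from the question for both the https:// and the xyz:// document URL. It uses the matching rules of RFC 6265 and the HTML Standard's "cookie-averse document" rule. Treating only https as a secure scheme is an assumption, and what the Safari inspector's Storage tab displays is not modelled.

```javascript
// Cookie list constructed from the Set-Cookie headers quoted in the question.
const COOKIES = [
  { name: "a", value: "1", domain: "host.domain.com", path: "/", secure: false, httpOnly: false },
  { name: "b", value: "2", domain: "host.domain.com", path: "/", secure: true, httpOnly: false },
  { name: "c", value: "3", domain: "host.domain.com", path: "/", secure: true, httpOnly: true },
];

// RFC 6265 section 5.1.3: the host equals the cookie domain or is a subdomain of it.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// RFC 6265 section 5.1.4: prefix match that ends on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// RFC 6265 section 5.4: cookies eligible for a URL. Secure cookies need a secure
// scheme (assumption: only https counts); HttpOnly cookies need an HTTP API.
function eligibleCookies(urlString, httpApi) {
  const url = new URL(urlString);
  const secureScheme = url.protocol === "https:";
  return COOKIES.filter((c) =>
    domainMatches(url.hostname, c.domain) &&
    pathMatches(url.pathname || "/", c.path) &&
    (!c.secure || secureScheme) &&
    (!c.httpOnly || httpApi));
}

// HTML Standard: a document whose URL scheme is not http(s) is "cookie-averse";
// its document.cookie getter returns "" and its setter does nothing.
function documentCookie(urlString) {
  const scheme = new URL(urlString).protocol;
  if (scheme !== "http:" && scheme !== "https:") return "";
  return eligibleCookies(urlString, false)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

for (const u of ["https://host.domain.com/app", "xyz://host.domain.com/app"]) {
  const names = eligibleCookies(u, true).map((c) => c.name).join(",");
  console.log(`${u} eligible=[${names}] document.cookie=${JSON.stringify(documentCookie(u))}`);
}
```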