Details
-
Bug
-
Resolution: Unresolved
-
P2: Important
-
None
-
5.15.7, 6.2.1
-
None
Description
When blocking third party cookies via QWebEngineCookieStore::setCookieFilter() cookies are not included on requests sent to a page when navigating back to it from an error page.
Here's a patch for simplebrowser to reproduce:
--- browser.cpp 2021-10-02 10:35:40.855866911 +1300 +++ browser.cpp 2021-11-20 20:12:42.197389663 +1300 @@ -52,6 +52,8 @@ #include "browserwindow.h" #include <QWebEngineSettings> +#include <QWebEngineCookieStore> +#include <QDebug> Browser::Browser() { @@ -74,6 +76,10 @@ &m_downloadManagerWidget, &DownloadManagerWidget::downloadRequested); } auto profile = !offTheRecord ? m_profile.get() : QWebEngineProfile::defaultProfile(); + profile->cookieStore()->setCookieFilter([](const QWebEngineCookieStore::FilterRequest &request) { + qDebug() << "requesting " << request.firstPartyUrl.toDisplayString() << " from " << request.origin.toDisplayString() << " thirdParty =" << request.thirdParty; + return !request.thirdParty; + }); auto mainWindow = new BrowserWindow(this, profile, false); m_windows.append(mainWindow); QObject::connect(mainWindow, &QObject::destroyed, [this, mainWindow]() {
And here is a test HTML file:
<script> var showcookie = function () { document.querySelector('#cookievalue').innerText = document.cookie } var setcookie = function () { document.cookie = 'testvalue=set' showcookie() } </script> <p>Cookie value: <span id='cookievalue'></span></p> </br> <a href='#' onclick='setcookie()'>Set cookie (for use on first page load)</a> </br> <a href='https://invalid.8d743110-855b-4e7c-8a98-80a0179a8d16.com/'>Follow bad link</a> </br> <script> showcookie() </script>
The log is like this:
# press "Set cookie" button on test site requesting "http://0.0.0.0:7864/bad_link_and_cookies.html#" from "http://0.0.0.0:7864/bad_link_and_cookies.html#" thirdParty = false requesting "http://0.0.0.0:7864/bad_link_and_cookies.html#" from "http://0.0.0.0:7864/bad_link_and_cookies.html#" thirdParty = false # reload test page requesting "http://0.0.0.0:7864/bad_link_and_cookies.html#" from "http://0.0.0.0:7864/bad_link_and_cookies.html#" thirdParty = false requesting "http://0.0.0.0:7864/bad_link_and_cookies.html#" from "http://0.0.0.0:7864/bad_link_and_cookies.html#" thirdParty = false # click on "Follow bad link" link requesting "https://invalid.8d743110-855b-4e7c-8a98-80a0179a8d16.com/" from "https://invalid.8d743110-855b-4e7c-8a98-80a0179a8d16.com/" thirdParty = false # click on back button requesting "http://0.0.0.0:7864/bad_link_and_cookies.html#" from "http://0.0.0.0:7864/bad_link_and_cookies.html#" thirdParty = false requesting "chrome-error://chromewebdata/" from "http://0.0.0.0:7864/bad_link_and_cookies.html#" thirdParty = true
Note that last request, if I put if (request.firstPartyUrl.scheme() == "chrome-error") return true; at the top of the filter method that makes things work as expected. But that doesn't seem like something I should be doing.
So I suppose the problem isn't that cookies aren't being sent but that the cooker filter seems to get called an extra time?