Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-98461

Cookies not set to page when navigating back from error page with third party cookies blocked

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Reported
    • Priority: P2: Important
    • Resolution: Unresolved
    • Affects Version/s: 5.15.7, 6.2.1
    • Fix Version/s: None
    • Component/s: WebEngine
    • Labels:
      None

      Description

      When blocking third party cookies via QWebEngineCookieStore::setCookieFilter() cookies are not included on requests sent to a page when navigating back to it from an error page.

      Here's a patch for simplebrowser to reproduce:

      --- browser.cpp	2021-10-02 10:35:40.855866911 +1300
      +++ browser.cpp	2021-11-20 20:12:42.197389663 +1300
      @@ -52,6 +52,8 @@
       #include "browserwindow.h"
       
       #include <QWebEngineSettings>
      +#include <QWebEngineCookieStore>
      +#include <QDebug>
       
       Browser::Browser()
       {
      @@ -74,6 +76,10 @@
                                &m_downloadManagerWidget, &DownloadManagerWidget::downloadRequested);
           }
           auto profile = !offTheRecord ? m_profile.get() : QWebEngineProfile::defaultProfile();
      +    profile->cookieStore()->setCookieFilter([](const QWebEngineCookieStore::FilterRequest &request) {
      +        qDebug() << "requesting " << request.firstPartyUrl.toDisplayString() << " from " << request.origin.toDisplayString() << " thirdParty =" << request.thirdParty;
      +        return !request.thirdParty;
      +    });
           auto mainWindow = new BrowserWindow(this, profile, false);
           m_windows.append(mainWindow);
           QObject::connect(mainWindow, &QObject::destroyed, [this, mainWindow]() {
      

      And here is a test HTML file:

      <script>
      var showcookie = function () {
        document.querySelector('#cookievalue').innerText = document.cookie
      }
      var setcookie = function () {
        document.cookie = 'testvalue=set'
        showcookie()
      }
      </script>
      
      <p>Cookie value: <span id='cookievalue'></span></p>
      </br>
      
      <a href='#' onclick='setcookie()'>Set cookie (for use on first page load)</a>
      </br>
      
      <a href='https://invalid.8d743110-855b-4e7c-8a98-80a0179a8d16.com/'>Follow bad link</a>
      </br>
      
      <script>
      showcookie()
      </script>
      

      The log is like this:

      # press "Set cookie" button on test site
      requesting  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  from  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  thirdParty = false
      requesting  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  from  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  thirdParty = false
      
      # reload test page
      requesting  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  from  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  thirdParty = false
      requesting  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  from  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  thirdParty = false
      
      # click on "Follow bad link" link
      requesting  "https://invalid.8d743110-855b-4e7c-8a98-80a0179a8d16.com/"  from  "https://invalid.8d743110-855b-4e7c-8a98-80a0179a8d16.com/"  thirdParty = false
      
      # click on back button
      requesting  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  from  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  thirdParty = false
      requesting  "chrome-error://chromewebdata/"  from  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  thirdParty = true
      

      Note that last request, if I put if (request.firstPartyUrl.scheme() == "chrome-error") return true; at the top of the filter method that makes things work as expected. But that doesn't seem like something I should be doing.
      So I suppose the problem isn't that cookies aren't being sent but that the cooker filter seems to get called an extra time?

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            qt_webengine_team Qt WebEngine Team
            Reporter:
            toofar toofar
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                Gerrit Reviews

                There are no open Gerrit changes