Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-98461

Cookies not set to page when navigating back from error page with third party cookies blocked

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • P2: Important
    • None
    • 5.15.7, 6.2.1
    • WebEngine
    • None

    Description

      When blocking third party cookies via QWebEngineCookieStore::setCookieFilter() cookies are not included on requests sent to a page when navigating back to it from an error page.

      Here's a patch for simplebrowser to reproduce:

      --- browser.cpp	2021-10-02 10:35:40.855866911 +1300
+++ browser.cpp	2021-11-20 20:12:42.197389663 +1300
@@ -52,6 +52,8 @@
 #include "browserwindow.h"
 
 #include <QWebEngineSettings>
+#include <QWebEngineCookieStore>
+#include <QDebug>
 
 Browser::Browser()
 {
@@ -74,6 +76,10 @@
                          &m_downloadManagerWidget, &DownloadManagerWidget::downloadRequested);
     }
     auto profile = !offTheRecord ? m_profile.get() : QWebEngineProfile::defaultProfile();
+    profile->cookieStore()->setCookieFilter([](const QWebEngineCookieStore::FilterRequest &request) {
+        qDebug() << "requesting " << request.firstPartyUrl.toDisplayString() << " from " << request.origin.toDisplayString() << " thirdParty =" << request.thirdParty;
+        return !request.thirdParty;
+    });
     auto mainWindow = new BrowserWindow(this, profile, false);
     m_windows.append(mainWindow);
     QObject::connect(mainWindow, &QObject::destroyed, [this, mainWindow]() {

      And here is a test HTML file:

      <script>
var showcookie = function () {
  document.querySelector('#cookievalue').innerText = document.cookie
}
var setcookie = function () {
  document.cookie = 'testvalue=set'
  showcookie()
}
</script>

<p>Cookie value: <span id='cookievalue'></span></p>
</br>

<a href='#' onclick='setcookie()'>Set cookie (for use on first page load)</a>
</br>

<a href='https://invalid.8d743110-855b-4e7c-8a98-80a0179a8d16.com/'>Follow bad link</a>
</br>

<script>
showcookie()
</script>

      The log is like this:

      # press "Set cookie" button on test site
requesting  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  from  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  thirdParty = false
requesting  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  from  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  thirdParty = false

# reload test page
requesting  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  from  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  thirdParty = false
requesting  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  from  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  thirdParty = false

# click on "Follow bad link" link
requesting  "https://invalid.8d743110-855b-4e7c-8a98-80a0179a8d16.com/"  from  "https://invalid.8d743110-855b-4e7c-8a98-80a0179a8d16.com/"  thirdParty = false

# click on back button
requesting  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  from  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  thirdParty = false
requesting  "chrome-error://chromewebdata/"  from  "http://0.0.0.0:7864/bad_link_and_cookies.html#"  thirdParty = true

      Note that last request, if I put if (request.firstPartyUrl.scheme() == "chrome-error") return true; at the top of the filter method that makes things work as expected. But that doesn't seem like something I should be doing.
      So I suppose the problem isn't that cookies aren't being sent but that the cooker filter seems to get called an extra time?

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            qt_webengine_team Qt WebEngine Team
            toofar toofar
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There are no open Gerrit changes