WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
NEW
276313
Safari is ignoring the session cookie for localhost sites
https://bugs.webkit.org/show_bug.cgi?id=276313
Summary
Safari is ignoring the session cookie for localhost sites
Noel Da Costa
Reported
2024-07-08 06:15:27 PDT
Created
attachment 471839
[details]
Login request where credentials are passed and session cookie is returned but the route guard request doesn't have the cookie to send, and so the response from the server doesn't allow navigation. Safari is ignoring the session cookie for localhost sites that are on the same domain (but different subdomains). This behaviour is unique to Safari; I've tested this on Chrome, Brave, Firefox and Opera – all work as expected. The environment is a docker-compose network. The docker-compose file is included below. I have entries in `/etc/hosts` for the domains: ``` 127.0.0.1 be.mnr.localhost 127.0.0.1 fe.mnr.localhost ``` All the routing works correctly but while the session cookie is received as part of the request response, Safari is ignoring it and so subsequent requests after login are not having the auth token passed with them and thus the server believes the session is not authenticated. This is a CORS browser implementation issue. I have the cookie session samesite set to "Lax". docker-compose.yml ``` version: "3.9" networks: web-network: services: caddy: image: caddy:latest restart: always volumes: - ./caddy/data:/data - ./caddy/config:/config - ./caddy/Caddyfile:/etc/caddy/Caddyfile - ./caddy/logs:/logs - ./mnr:/var/www/html ports: - "80:80" - "443:443" networks: - web-network # this bit allows caddy on docker to see the listener on the external (to docker) port 8080 (which listens locally on my laptop) extra_hosts: host.docker.internal: host-gateway php: build: ./php tty: true restart: always volumes: - ./mnr:/var/www/html - ./php/etc/:/usr/local/etc/ - ./php/tmp/:/tmp/ networks: - web-network extra_hosts: host.docker.internal: host-gateway mysql: image: mysql/mysql-server:8.0-aarch64 ports: - "23306:3306" environment: MYSQL_ROOT_HOST: "%" MYSQL_ROOT_USER: <redacted> MYSQL_ROOT_PASSWORD: <redacted> MYSQL_DATABASE: <redacted> MYSQL_USER: <redacted> MYSQL_PASSWORD: <redacted> volumes: - $PWD/db/data:/var/lib/mysql networks: - web-network extra_hosts: host.docker.internal: host-gateway ``` This ticket came as a request from Young F. to open a new ticket based on my comments on this ticket:
https://bugs.webkit.org/show_bug.cgi?id=255524
my comments there may shed extra light on this issue. Thanks, Noel
Attachments
Login request where credentials are passed and session cookie is returned but the route guard request doesn't have the cookie to send, and so the response from the server doesn't allow navigation.
(717.33 KB, image/png)
2024-07-08 06:15 PDT
,
Noel Da Costa
no flags
Details
shows the requests
(717.33 KB, image/png)
2024-07-08 06:32 PDT
,
Noel Da Costa
no flags
Details
View All
Add attachment
proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1
2024-07-08 06:17:18 PDT
<
rdar://problem/131302524
>
Noel Da Costa
Comment 2
2024-07-08 06:32:14 PDT
Created
attachment 471840
[details]
shows the requests
Noel Da Costa
Comment 3
2024-07-08 06:33:38 PDT
I redid the attachment because the first one was mislabelled.
Noel Da Costa
Comment 4
2025-02-13 00:03:39 PST
I think the issue might be that Safari is refusing to include the session cookie because the SSL certificates are self-signed on my local dev environment. However, once I've accepted the risk in the browser, Safari should allow me to accept the risk.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug