11

I have a website that is iframed into a 3rd party webpage, which is itself embedded in a WkWebView in an iOS app. Mobile Safari and the WkWebView reject the session (http-only) cookies being sent for my website, breaking basically everything. The work-around in mobile Safari is to either enable all cookies in settings (yuck) or instruct users to visit my site directly (so it counts as a "site I visited", as far as Safari is concerned); neither of these is particularly palatable. I have found no work-arounds for the WkWebView.

This question is two-part:

1) I am thinking of implementing a redirect service in my website, that takes a destination URL as a parameter, and simply redirects the user to that URL on page load. The 3rd party site can then link to my redirect page with the URL set to send users right back, with the hope that this will count as "visiting" my domain, enabling cookies to be loaded.

Alternatively, the 3rd party site could open a new tab to my site, that closes immediately on load. I expect that this would be a less optimal user experience, however, and so would prefer not to go this route.

Best of all would be for the "POST to a hidden iframe" trick (3rd party page POSTs to my domain in a hidden iframe), but as SO questions indicate that trick no longer works.

Are either of these viable solutions, or has Apple blocked these methods of getting the session cookies set as well? Is there a better solution that I have not considered?

2) Is there a way to set the cookie acceptance policy with WkWebViews like could be done with UiWebViews? My searches of StackOverflow suggest not, but the answers I read could be based on older versions of iOS (the app requires iOS 9+).

If there is no app-code solution for WkWebViews, would the solutions for mobile Safari also work with WkWebViews?

asgallant
  • 26,060
  • 6
  • 72
  • 87
  • I've faced the same issue, with UIWebView. I've fixed it by implement a NSURLProtocol subclass that overrides the built-in HTTP/HTTPS protocol. You may check if it WKWebView works with NSURLProtocol. As how to inherit NSURLProtocol, you may check apple's sample code: [CustomHTTPProtocol](https://developer.apple.com/library/content/samplecode/CustomHTTPProtocol/Introduction/Intro.html) – sunzhuoshi Mar 14 '18 at 02:52
  • Did you ever find more about this? – jdeuce Oct 16 '18 at 22:19
  • 1
    @jdeuce no, I did not. – asgallant Oct 23 '18 at 19:35
  • Did you find any solution for this? – Rajesh Jan 17 '20 at 11:29
  • Sorry, but no, I did not. It is possible that something has changed to make this possible in the past 3 years, though. – asgallant Jan 17 '20 at 17:17

1 Answers1

3

I just had a similar issue. I have a WkWebView which loads my web app that has an iframe loading a login screen from a specific server. The login page would complain that the iframe did not allow cookies.

When I would load the login page directly in the web view, it would work and it would also curiously start working as well when I tested it afterwards again inside the iframe.

The best explanation I found for this is, cookies are only allowed to be saved in the iframe if the web view has directly loaded the domain of the iframe at least once. Knowing this, I was able to implement a workaround.

By simply pinging the login page once with the webview, I use the WKNavigationDelegate to wait until I start receiving some data from the server. Once this happens, I make the web view load my page that contains the iframe. Now the iframe is able to consistently load the login screen.

gus3001
  • 851
  • 9
  • 19
  • 1
    To piggy back off of this, you can get the effect of the ping without actually having to make a request. Just run the following and safari thinks it has visited your domain. `[webView loadHTMLString:@"" baseURL:URL_WITH_YOUR_DOMAIN];` – cephalopodMD Jan 11 '19 at 01:46
  • It appears that this no longer works with iOS 13.3. Can anyone else confirm? – Joel Jeske Mar 03 '20 at 21:47
  • Can someone please explain how can I "ping" with the WebView? I've never done any iOS native development so I'm completely lost. I tried using the loadHTMLString function as suggested above, but that replaces the content of my WebView with a blank screen and I don't want that because I can have iframes in different places of the app. – PX Developer Apr 02 '20 at 11:23