Unable to get HTTPOnly cookies iOS #336

Closed
fadhlisulaimi opened this issue Feb 28, 2019 · 8 comments

@fadhlisulaimi

I have an app that fetches cookies after the user logs in to a forum in a webview. I am unable to fetch HttpOnly cookies on iOS. It works perfectly on Android. When I look at the source code, document.cookie is injected. Perhaps it is not enough for iOS as it uses WKWebView? It seems Apple stores the cookies in NSHTTPCookieStorage.

```dart
Future<Map<String, dynamic>> getCookies() async {
  // Cookies are read by evaluating JavaScript inside the page.
  final cookiesString = await evalJavascript("document.cookie");
  // ...
}
```

@bratan

bratan commented May 24, 2019

It is not possible to retrieve HttpOnly cookies with JavaScript:

To help mitigate cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript's Document.cookie API; they are only sent to the server. For example, cookies that persist server-side sessions don't need to be available to JavaScript, and the HttpOnly flag should be set.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

The only way to get these cookies is directly from the Android/iOS webviews.

So for Android it would be CookieManager.getInstance().getCookie(url);

And for iOS (11+) WKHTTPCookieStore.getAllCookies

https://developer.apple.com/documentation/webkit/wkhttpcookiestore/2882005-getallcookies
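
As an added example (not part of the original thread or the plugin's code), this small JavaScript model shows why a `document.cookie`-based `getCookies()` silently misses HttpOnly cookies while a native cookie store still holds them. The `Set-Cookie` lines are constructed sample data, all function names are hypothetical, and path, domain, expiry and secure-context matching are left out.

```javascript
// Constructed sample response headers from a hypothetical forum login.
const SAMPLE_SET_COOKIE = [
  'session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax',
  'theme=dark; Path=/',
  'csrf_hint=1; Path=/; httponly', // attribute names are case-insensitive
];

// Parse one Set-Cookie header value into { name, value, httpOnly, secure }.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(';');
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no '=' or empty name: this model ignores the header
  const cookie = {
    name: pair.slice(0, eq).trim(),
    value: pair.slice(eq + 1).trim(),
    httpOnly: false,
    secure: false,
  };
  for (const part of attrParts) {
    const key = part.split('=')[0].trim().toLowerCase();
    if (key === 'httponly') cookie.httpOnly = true;
    if (key === 'secure') cookie.secure = true;
  }
  return cookie;
}

function buildJar(headers) {
  return headers.map(parseSetCookie).filter(Boolean);
}

// What document.cookie, and so evalJavascript("document.cookie"), exposes.
function scriptVisible(jar) {
  return jar.filter(c => !c.httpOnly).map(c => `${c.name}=${c.value}`).join('; ');
}

// What a native cookie-store API returns: every cookie, flags included.
function nativeStoreView(jar) {
  return jar.map(c => ({ name: c.name, value: c.value, httpOnly: c.httpOnly }));
}

// Names that a document.cookie-based reader will silently miss.
function missedByScript(jar) {
  return jar.filter(c => c.httpOnly).map(c => c.name);
}

const jar = buildJar(SAMPLE_SET_COOKIE);
console.log('document.cookie ->', scriptVisible(jar));
console.log('missed by script ->', missedByScript(jar));
```

Cookies read through the native store are no longer shielded from page script once they are passed back into the webview, so keep them on the native or Dart side.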

@fadhlisulaimi
Author

fadhlisulaimi commented May 24, 2019

Thanks for the reply.

I agree with you, HttpOnly cookies need to be protected. I have zero knowledge of iOS development. Do I need to configure anything or set WKHTTPCookieStore in the app delegate so that Flutter is able to fetch the cookies?

By default, if I just call the method below, it doesn't fetch anything on iOS:

Future<Map<String, dynamic>> getCookies()

@bratan

bratan commented May 24, 2019

Basically you would need to implement the functionality in the native classes for both iOS (FlutterWebviewPlugin.m) and Android (FlutterWebviewPlugin.java) and then call the methods using the platform channels (similar to how the evalJavascript method works, for example, in base.dart).

The method you mentioned, Future<Map<String, dynamic>> getCookies(), has to be reimplemented as well in order to parse the results, as the responses will be different as well.

@fadhlisulaimi
Author

Thanks! It works!

I use this as reference and invoke my own method and call it:
https://flutter.dev/docs/development/platform-integration/platform-channels

@charafau
Collaborator

@fadhlisulaimi since you've implemented this, any chance of a PR to the plugin? :)

@ftore

ftore commented Jun 22, 2020

Here is the PR: #773. @charafau, can you take a look at this PR? I am open to making any changes to this PR. I am facing the same issue, and I was able to fix it locally, so I need this PR to be merged as soon as possible.

@charafau
Collaborator

Hi! Thank you for the PR, I will try to do that in a reasonable time. Please note that the project is in a frozen state, and if it's possible, please migrate to the official web view plugin.

@ftore

ftore commented Jun 23, 2020

@charafau I will do
