Pass a session cookie through an iFrame on iOS

Hi everyone,

After migrating our Ionic-Angular app from Cordova to Capacitor, i noticed that we can’t log the user through an iframe with a session cookie on iOS. the page being loaded in the iframe is one of our subdomain and it work well on PWA (all browsers including Safari), and Android.

But for iOS, i have the following error message :

Blocked a frame with origin “https://domain.com” from accessing a frame with origin “capacitor://domain.com”. The frame requesting access has a protocol of “https”, the frame being accessed has a protocol of “capacitor”. Protocols must match.

I’ve seen that we can’t pass https nor http to iosScheme ( just as i did for android ), because it’s reserved for WKWebView, so what can we do instead ?

Actually, we pass a the session in the url of the iframe being loaded and it’s the http.d conf of the subdomain that set the cookie for us but unfortunately it doesn’t work on iOS and the user is just redirects on the auth page;

i also tried with a postMessage, but it seems I get redirected before I can receive the message…

This is a part of my capacitor.config.ts :

ios: {
    contentInset: "always",
    scheme: "AppName",
    limitsNavigationsToAppBoundDomains: true
  },
  server: {
    hostname: "domain.com",
    androidScheme: "https",
    allowNavigation: ["subdomain.domain.com", ".domain.com", "domain.com"]
  }

This is a part of my info.plist :

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>
<key>WKAppBoundDomains</key>
<array>
    <string>domain.com</string>
    <string>.domain.com</string>
    <string>subdomain.domain.com</string>
</array>

Ionic Framework : 5.3.1
Capacitor Core: 3.2.4
Capacitor iOS : 3.1.2

1 Like

Is there really nobody that as to deal with something like that ?

Did you have solution for this??

There’s an open issue on Capacitor for iOS Cookie problems that the Capacitor team has been talking a lot internally about how to fix. It’s a difficult problem to fix universally without breaking the existing solutions developers have. If we can fix it in the 3.x release, we will. But if it’s a breaking change, it will be a 4.0 release (which we’ve started some basic planning for!)

That being said; there are a couple of things you could try.