Set Cookie in Android

Hi there,

We have a small problem. We use a cookie to set an information for our web backend.

We add the header “Cookie” to our http requests. This works under iOS. But in Android we get the error: “Refused to set unsafe header “Cookie””. Do you have any idea how we can achieve that in Android?

We use Ionic 2.2.0

Thanks in advance


Because “Cookie” is a forbidden header name

You get that error because, per the XHR specification, the setRequestHeader method should not set headers with a forbidden header name.

But why does it work in iOS?

And isn’t it usually forbidden for browsers? An app should be able to handle it, I think …

I don’t know why it’s working in iOS, as same-origin policies should be restricting access to cookies belonging to other origins. If you don’t need access to the actual cookie contents, setting { withCredentials: true } on the Https call might help with what you’re trying, though you’ll also need to handle CORS headers on the server.

Maybe related to how android manage webview with cordova

For example, take a look of class SystemCookieManager

And in android doc

Added in API level 21

void setAcceptThirdPartyCookies (WebView webview,
boolean accept)

Sets whether the WebView should allow third party cookies to be set. Allowing third party cookies is a per WebView policy and can be set differently on different WebView instances.

Apps that target KITKAT or below default to allowing third party cookies. Apps targeting LOLLIPOP or later default to disallowing third party cookies.

Maybe related to your case

1 Like