Set Cookie in Android

asarti_seibert · March 15, 2017, 3:58pm

Hi there,

We have a small problem. We use a cookie to set an information for our web backend.

We add the header “Cookie” to our http requests. This works under iOS. But in Android we get the error: “Refused to set unsafe header “Cookie””. Do you have any idea how we can achieve that in Android?

We use Ionic 2.2.0

Thanks in advance

david_bc · March 15, 2017, 4:20pm

Hello,

Because “Cookie” is a forbidden header name

You get that error because, per the XHR specification, the setRequestHeader method should not set headers with a forbidden header name.

https://fetch.spec.whatwg.org/#forbidden-header-name

asarti_seibert · March 16, 2017, 7:18am

But why does it work in iOS?

And isn’t it usually forbidden for browsers? An app should be able to handle it, I think …

ascorbic · March 16, 2017, 10:44am

I don’t know why it’s working in iOS, as same-origin policies should be restricting access to cookies belonging to other origins. If you don’t need access to the actual cookie contents, setting { withCredentials: true } on the Https call might help with what you’re trying, though you’ll also need to handle CORS headers on the server.

david_bc · March 16, 2017, 11:12am

Maybe related to how android manage webview with cordova

For example, take a look of class SystemCookieManager

github.com

apache/cordova-android/blob/master/framework/src/org/apache/cordova/engine/SystemCookieManager.java

/*
       Licensed to the Apache Software Foundation (ASF) under one
       or more contributor license agreements.  See the NOTICE file
       distributed with this work for additional information
       regarding copyright ownership.  The ASF licenses this file
       to you under the Apache License, Version 2.0 (the
       "License"); you may not use this file except in compliance
       with the License.  You may obtain a copy of the License at

         http://www.apache.org/licenses/LICENSE-2.0

       Unless required by applicable law or agreed to in writing,
       software distributed under the License is distributed on an
       "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
       KIND, either express or implied.  See the License for the
       specific language governing permissions and limitations
       under the License.
*/

package org.apache.cordova.engine;

This file has been truncated. show original

And in android doc

setAcceptThirdPartyCookies
Added in API level 21

void setAcceptThirdPartyCookies (WebView webview,
boolean accept)

Sets whether the WebView should allow third party cookies to be set. Allowing third party cookies is a per WebView policy and can be set differently on different WebView instances.

Apps that target KITKAT or below default to allowing third party cookies. Apps targeting LOLLIPOP or later default to disallowing third party cookies.

Maybe related to your case

Topic		Replies	Views
Refused to set unsafe header “Cookie" error ionic-v3	4	18467	July 12, 2018
Unable to set header in ionic webview for cookies Access-Control-Allow-Origin cordova	2	2367	December 17, 2015
Error: Refused to set unsafe header "Cookie \| Cookie Authentication ionic-v1	0	2706	October 13, 2017
Ionic 4 not storing updated authentication cookie on iOS and Android Ionic Framework	8	7694	April 6, 2020
Get Set-Cookie header response in AngularJS after a XHR request ionic-v1	1	5234	February 17, 2016

Set Cookie in Android

Related topics