Antiforgery token validation failed. The required antiforgery cookie is not present. iOS Auth. iPad.

[RA-Work-A]

Describe the bug

A clear and concise description of what the bug is.
0. Default web app is unable to be signed in / registered from iPad.
Error logs show the following:

2019-09-19 12:12:15.0486|1|INFO|Microsoft.AspNetCore.Hosting.Internal.WebHost|Request starting HTTP/1.1 POST http://localhost_on_IIS:5015/Identity/Account/Login application/x-www-form-urlencoded 270
2019-09-19 12:12:15.0486|1|INFO|Microsoft.AspNetCore.Mvc.RazorPages.Internal.PageActionInvoker|Route matched with {page = "/Account/Login", area = "Identity", action = "", controller = ""}. Executing action /Account/Login
2019-09-19 12:12:15.0486|1|INFO|Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.AutoValidateAntiforgeryTokenAuthorizationFilter|Antiforgery token validation failed. The required antiforgery cookie ".AspNetCore.Antiforgery.pwALLqxivEg" is not present. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery cookie ".AspNetCore.Antiforgery.pwALLqxivEg" is not present.
at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
at Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
2019-09-19 12:12:15.0486|3|INFO|Microsoft.AspNetCore.Mvc.RazorPages.Internal.PageActionInvoker|Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.AutoValidateAntiforgeryTokenAuthorizationFilter'.
2019-09-19 12:12:15.0486|1|INFO|Microsoft.AspNetCore.Mvc.StatusCodeResult|Executing HttpStatusCodeResult, setting HTTP status code 400
2019-09-19 12:12:15.0486|2|INFO|Microsoft.AspNetCore.Mvc.RazorPages.Internal.PageActionInvoker|Executed action /Account/Login in 1.7633ms
2019-09-19 12:12:15.0518|2|INFO|Microsoft.AspNetCore.Hosting.Internal.WebHost|Request finished in 3.3011ms 400

To Reproduce

Steps to reproduce the behavior:

1. Create default site
2. scaffold identity framework
3. spin up either local db or connect to db
4. register on pc to make sure works
5. attempt to register on ipad
6. error is thrown in logs.
7. ipad screen shows no error. just a white screen.

Expected behavior

A clear and concise description of what you expected to happen.

I expect to be able to login/register via an ipad.

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

Add any other context about the problem here.
Include the output of dotnet --info
Host (useful for support):
Version: 2.1.12
Commit: ccea2e606d

.NET Core SDKs installed:
1.1.11 [C:\Program Files\dotnet\sdk]
2.1.500 [C:\Program Files\dotnet\sdk]

.NET Core runtimes installed:
Microsoft.AspNetCore.All 2.1.5 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.1.6 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.App 2.1.5 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.1.6 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 1.0.13 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 1.1.10 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 2.1.5 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 2.1.6 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]

iPad 12.4.1
tried site in safari and chrome (on iPad)

keys are persisted on disk drive.

repo can be found here --> https://github.com/RA-Work-A/AntiForgeryToken

[blowdart]

This is a known bug in Safari right now. Have you tried updating to iOS13?

[RA-Work-A]

@blowdart I haven't tried that. Is there a work-around? Our QA team is unable to test since all (sans older iPads) are unable to login?

[blowdart]

Try #4647

Note that when Chrome changes how it works in January and we update our code to match them Safari will be broken again, but we will have more advice in place before then.

[blowdart]

Yea I know, it's confusing. Google unilaterally changed how they implement same site in a way that will cause Safari to treat "None" as, in fact, strict. We'll have code samples in a month or so and updates.

[javiercn]

@blowdart Can you take care of updating this issue when the samples are available?

[CribAd]

Is there any update on this?

[RA-Work-A]

@CribAd , my team and I ended up just upgrading our iOS devices to 13.x.x. This "resolved" our issue for our newer devices. Any device that is unable to update to this version still has this issue. Eg, we have an iPad (4th gen), that we cannot update. This device still exhibits the issue.

[ghost]

Thank you for contacting us. Due to a lack of activity on this discussion issue we're closing it in an effort to keep our backlog clean. If you believe there is a concern related to the ASP.NET Core framework, which hasn't been addressed yet, please file a new issue.

This issue will be locked after 30 more days of inactivity. If you still wish to discuss this subject after then, please create a new issue!