Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cookies set in a redirect response are not persisted #19376

Closed
3 tasks done
michaeleisel opened this issue May 22, 2018 · 14 comments
Closed
3 tasks done

Cookies set in a redirect response are not persisted #19376

michaeleisel opened this issue May 22, 2018 · 14 comments
Labels
Platform: iOS iOS applications. Resolution: Locked This issue was locked by the bot. Resolution: PR Submitted A pull request with a fix has been provided.

Comments

@michaeleisel
Copy link

michaeleisel commented May 22, 2018
edited
Loading

When I go to a site that returns a 303 along with a Set-Cookie header, it does not use the new cookie from that redirect when it goes to the new URL. This would be somewhat manageable if I could use redirect: 'manual' in fetch's request options and inspect the redirect myself, but that is also broken.

Environment

Environment:
OS: macOS High Sierra 10.13.2
Node: 10.0.0
Yarn: Not Found
npm: 5.6.0
Watchman: 4.9.0
Xcode: Xcode 9.2 Build version 9C40b
Android Studio: 3.1 AI-173.4697961

Packages: (wanted => installed)
react: 16.3.1 => 16.3.1
react-native: ^0.55.2 => 0.55.2

Steps to Reproduce

Go to a site that redirects with a 303 response and sets a cookie via Set-Cookie.

Expected Behavior

Cookie that it sets is sent up when the redirect continues with whatever URL the 303 sent you to.

Actual Behavior

Cookie is not sent up
@michaeleisel
Copy link
Author

michaeleisel commented May 22, 2018
edited
Loading

When I try this using an NSURLSession in Objective-C, the cookie is set as expected, so react native behaves differently from native.

@michaeleisel
Copy link
Author

From my testing, android doesn't have the same problem, so I guess it's an iOS thing

@ghost
Copy link

ghost commented Jul 19, 2018
edited by ghost
Loading

It just stopped sending cookies for me from 0.56. Was working fine till 0.55. I am facing the issue in a normal fetch request.

@michaeleisel
Copy link
Author

@kelset why add a “no repro steps” label? There are repro steps in the ticket

@ethanyuwang
Copy link

@km16 having the same issue but only on android

@ghost
Copy link

ghost commented Jul 25, 2018

Even I am facing this on android. It works perfectly till 0.55.4. I just feel #19770 might fix this, when it get's merged.

@hramos hramos added the Resolution: PR Submitted A pull request with a fix has been provided. label Aug 6, 2018
@Jacse
Copy link

Jacse commented Sep 3, 2018

Please see #16127

@gtebbutt
Copy link
Contributor

@Jacse Would that explain a difference between 0.55 and 0.56? I thought that PR was referencing an issue from much further back than that.

I'm seeing what appears to be a related issue on iOS: since updating from 0.55 to 0.57, the react-native-video package is no longer passing cookies to the CDN.

Perhaps worth noting that the recent chat on #19958 also suggests an explicit behaviour change after 0.55, since several users there are apparently needing to explicitly add credentials: 'include' where it wasn't needed before.

@GetSource1234
Copy link

GetSource1234 commented Sep 28, 2018
edited
Loading

I am also seeing this issue in rn 0.57 (ios 12.0).credentials: 'include' helps, but this flag does not help if you reopen the app. Cookie will be deleted after app relaunch(could be only my case).

@BKova
Copy link

BKova commented Oct 5, 2018

I am also seeing this issue in rn 0.57 (ios 12.0).credentials: 'include' helps, but this flag does not help if you reopen the app. Cookie will be deleted after app relaunch(could be only my case).

Can confirm this works on Android in RN 0.57

@gtebbutt gtebbutt mentioned this issue Oct 9, 2018
Closed
@corradio
Copy link
Contributor

corradio commented Nov 6, 2018
edited
Loading

I'm having exactly the same issue. Only happens on iOS, so I dug into the the iOS code.
It turns out this commit caused the issue: 047961f#diff-0b161cb06747782c515275d84ec94b14R234
In a nutshell, the HTTPShouldHandleCookies boolean has no effect when custom cookies are set (see https://developer.apple.com/documentation/foundation/nsmutableurlrequest/1415485-httpshouldhandlecookies?preferredLanguage=occ). Setting custom cookies prevents the cookies of a redirect response from being re-used in the subsequent request.

I've fixed it by patching the RCTHTTPRequestHandler.mm to listen for redirects and pass cookies along. Here's the code block I added:

- (void)URLSession:(NSURLSession *)session
              task:(NSURLSessionTask *)task
willPerformHTTPRedirection:(NSHTTPURLResponse *)response
        newRequest:(NSURLRequest *)request
 completionHandler:(void (^)(NSURLRequest *))completionHandler
{
  // Add the cookies to the new request
  // This is necessary because we're not letting iOS handle cookies by itself
  NSMutableURLRequest *nextRequest = [request mutableCopy];
  
  NSArray<NSHTTPCookie *> *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:request.URL];
  nextRequest.allHTTPHeaderFields = [NSHTTPCookie requestHeaderFieldsWithCookies:cookies];
  completionHandler(nextRequest);
}

Is this a bug in RN that should be fixed? Happy to do a PR with this change if needed.

Ref #14869 and #15918 #16127 cc @jamesreggio @SDrinkwater @Jacse

@Jacse
Copy link

Jacse commented Nov 6, 2018

@corradio I would love to see that as a PR. If the goal is to have the two platforms behave similarly then this would clearly need to be fixed, since cookies persist across redirects on Android.

@corradio corradio mentioned this issue Nov 6, 2018
Closed
@corradio
Copy link
Contributor

corradio commented Nov 6, 2018

PR submitted: #22178

shseike added a commit to shseike/react-native that referenced this issue Dec 14, 2018
@shseike
以下のコミットを適用。
1d5a626 
Fix cookies not being sent after a redirected response (facebook#22178)

Summary:
Fixes facebook#19376

On iOS, the `HTTPShouldHandleCookies` boolean has no effect when custom cookies are set (see https://developer.apple.com/documentation/foundation/nsmutableurlrequest/1415485-httpshouldhandlecookies?preferredLanguage=occ). Setting custom cookies prevents the cookies of a redirect response from being re-used in the subsequent request.
This is why issue facebook#19376 is opened.
The fix is to intercept the redirect request, and to manually set the cookies. This effectively makes the Android and iOS behaviours converge.

Changelog:
----------
[iOS] [Fixed] - Fix cookies not being sent on iOS after redirect
Pull Request resolved: facebook#22178

Differential Revision: D13191961

Pulled By: shergin

fbshipit-source-id: 4445a2499034a9846c6d7c37c1f1b72c9fd30129
@roots-ai
Copy link

@corradio Adding this code, still doesn't resolve the issue for me.

@facebook facebook locked as resolved and limited conversation to collaborators Nov 26, 2019
@react-native-bot react-native-bot added the Resolution: Locked This issue was locked by the bot. label Nov 26, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Platform: iOS iOS applications. Resolution: Locked This issue was locked by the bot. Resolution: PR Submitted A pull request with a fix has been provided.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[iOS] Fix cookies not being sent after a redirected response corradio/react-native