El vie, 16-09-2016 a las 20:31 -0500, Michael Catanzaro escribió:
Hi, In [1] a user discovered that Google Inbox is broken in Epiphany only when used as a web app. The problem is that when creating a web app, we copy all cookies for the web app's domain into the web app profile dir, but no other cookies. Turns out Inbox depends on third-party cookies (actually cookies from a different google domain) and breaks if Inbox cookies are present without those other cookies. It uses frames, which must be why our normal cookie policy (block third party cookies by default) doesn't break Inbox. Possible fixes: * Copy no cookies. User needs to log in again the first time the web app is opened. One time cost. I'm leaning toward this right now, but it seems a shame to remove this feature to work around a Google bug. * Copy all cookies. Almost all the cookies saved in the web app's profile directory will then be unnecessary, and it will be impossible to ever clear them. * Copy cookies only from the second-level domain (google.com). I expect it would fix this case, but what if other sites have the same problem. Also, this seems strange because it doesn't parallel the normal security model for the web; subdomains are not trusted by parent domains. Thoughts, preferences, suggestions?
If it's a gmail specific issue I would handle that as such, so when the web app is for gmail I would not copy any cookie.
Michael [1] https://bugzilla.gnome.org/show_bug.cgi?id=771540 _______________________________________________ epiphany-list mailing list epiphany-list gnome org https://mail.gnome.org/mailman/listinfo/epiphany-list
-- Carlos Garcia Campos http://pgp.rediris.es:11371/pks/lookup?op=get&search=0xF3D322D0EC4582C3
Attachment:
signature.asc
Description: This is a digitally signed message part