Cookies missing on very first request if website has service worker with fetch event handler #382
Comments
|
Hi @steffenweber, thanks for reporting this. This is an issue with the way we determine the origin of a tab. Previously we could assume that there was a I've created a fix to detect this case, and we'll try and get it in the next release. |
|
If this is what I think it is, these are browser bugs. |
|
@sammacbeth Where can I see your workaround? |
|
@ghostwords Yes, these bugs are exactly this issue, thanks for the links. The fix is currently in the upstream browser-core project, and at internal review at the moment. Here's the method I used:
|
|
Thanks! Will you link to the public PR once it becomes available? |
Description
If a website has a service worker with a non-trivial "fetch" event handler (i.e. it doesn't just do nothing but uses the Fetch API to return a response) then the very first request to a website is sent without any cookies. (For more details on service workers in general see the MDN docs Using Service Workers.)
This is the very same issue that I reported to uMatrix yesterday. You might want to have a look at their fix: uBlockOrigin/uMatrix-issues#155
Steps to Reproduce
Expected Behavior
The GET request for https://www.computerbase.de/ should have the "service-worker-init-date" cookie set.
Actual Behavior
The GET request for https://www.computerbase.de/ is sent without any cookies (as can be seen in the "Network" tab of the Firefox developer tools).
Notes
If you now click on any local link (or reload the page) then the cookies are sent. It's just the very first request that is sent without cookies.
The issue goes away if I either uninstall/disable Ghostery or if I delete the "fetch" event handler from the computerbase.de service worker (I'm the admin of computerbase.de). It seems like the very first request is somehow treated in a special way and gets stripped of all cookies by Ghostery.
This issue affects the login cookies of computerbase.de and was reported to me in our feedback forum by one of our users (nickname "Cave Johnson"): https://www.computerbase.de/forum/threads/login-probleme-seit-14-mai-der-aktive-benutzer-hat-sich-geaendert.1872153/
Versions
The text was updated successfully, but these errors were encountered: