Start clean instance of webview

[bvukotic]

Specification

• pywebview version: 3.2
• platform / version: Any

Description

It would be useful to start "clean" instance of pywebview (like incognito mode). Currently, cookies are remembered somewhere in the web engine, so each time I start webview session is not clean, some logins are remembered, etc...
It would be nice to have something like

webview.start(clean=True)

JavaFX WebView starts clean every time (by default)

[r0x0r]

Good suggestion. Clean state could be set default.

[r0x0r]

API specs
webview.start(clean_session=True) (enabled by default)

Links to implementations

Cocoa: https://stackoverflow.com/questions/42994553/creating-a-non-tracking-in-app-web-browser

GTK: https://webkitgtk.org/reference/webkit2gtk/unstable/WebKitCookieManager.html
https://stackoverflow.com/questions/12220373/webkit-is-it-possible-to-store-cookies-to-file-and-reuse-it-again/15800193

QT: https://doc.qt.io/qt-5/qml-qtwebengine-webengineprofile.html

CEF: https://magpcss.org/ceforum/apidocs3/projects/(default)/CefRequestContext.html

MSHTML: https://stackoverflow.com/questions/13793261/disable-cookie-read-write-in-webbrowser-c-sharp-application

EdgeHTML: ¯\_(ツ)_/¯
Cookies are shared only if launched in the same host process https://docs.microsoft.com/en-us/windows/communitytoolkit/controls/wpf-winforms/webview

[bvukotic]

Can I do this in my python code?
I am on windows 10, I guess I (we) use mshtml, can I call the code mentioned here
https://stackoverflow.com/questions/13793261/disable-cookie-read-write-in-webbrowser-c-sharp-application

but form python?

[r0x0r]

This can be implemented, but it might require C# code. WebBrowserInterop.dll acts like a bridge for things that cannot be implemented in Python.

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[analogaio]

This would be a great addition to webview

[r0x0r]

@Ksengine if you want to help, this issue would be a great choice.

[Ksengine]

I can do qt and gtk.

[obfusk]

In my experience, the gtk webview doesn't store cookies [edit: by default].
I opened #687 to not save cookies in qt webengine.

[Ksengine]

Example: how can you store and apply cookie jar to gtk webkit

from gi.repository import Gtk, WebKit, Soup
cookiejar = Soup.CookieJarText.new("<Your cookie path>", False)
cookiejar.set_accept_policy(Soup.CookieJarAcceptPolicy.ALWAYS)
session = WebKit.get_default_session()
session.add_feature(cookiejar)

[r0x0r]

@obfusk 's PR merged into the incognito-mode branch.

[Ksengine]

https://github.com/cztomczak/cefpython/blob/v66.0/examples/snippets/network_cookies.py

"""
Implement RequestHandler.CanGetCookies and CanSetCookie
to block or allow cookies over network requests.
"""

from cefpython3 import cefpython as cef


def main():
    cef.Initialize()
    browser = cef.CreateBrowserSync(
        url="http://www.html-kit.com/tools/cookietester/",
        window_title="Network cookies")
    browser.SetClientHandler(RequestHandler())
    cef.MessageLoop()
    del browser
    cef.Shutdown()


class RequestHandler(object):
    def __init__(self):
        self.getcount = 0
        self.setcount = 0

    def CanGetCookies(self, frame, request, **_):
        # There are multiple iframes on that website, let's log
        # cookies only for the main frame.
        if frame.IsMain():
            self.getcount += 1
            print("-- CanGetCookies #"+str(self.getcount))
            print("url="+request.GetUrl()[0:80])
            print("")
        # Return True to allow reading cookies or False to block
        return True

    def CanSetCookie(self, frame, request, cookie, **_):
        # There are multiple iframes on that website, let's log
        # cookies only for the main frame.
        if frame.IsMain():
            self.setcount += 1
            print("-- CanSetCookie @"+str(self.setcount))
            print("url="+request.GetUrl()[0:80])
            print("Name="+cookie.GetName())
            print("Value="+cookie.GetValue())
            print("")
        # Return True to allow setting cookie or False to block
        return True


if __name__ == '__main__':
    main()

[r0x0r]

I have finally implemented this. EdgeChromium, CEF, GTK, QT and Cocoa are supported. PR here #869

Incognito is now private_mode and is enabled by default. Implementation for each platform is rather hairy, but private mode works more reliably than non-private mode. Notable open issues are

1. Built-in HTTP server starts on a random port by default. In order to support persistent local storage, a fixed port must be used. This PR introduces a default http server port 42001, which is used when private_mode=False and no custom http port is supplied
2. Cocoa's nonPersistentMode does not work as expected, namely it preserves cookies over sessions. I have spent a fair time investigating this and found out that cookies come from NSHTTPCookieStorage in persistent mode. Why is it like this is beyond me. As a workaround all the storage is manually deleted in private_mode before launching webview. A drawback of this solution is that it deletes data for non-private sessions as well.