customautosys commented on issue #850: URL: https://github.com/apache/cordova-android/issues/850#issuecomment-1352947015
> A better solution than proposed here is probably to use [SameSite=None; Secure](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) when setting your cookies. This would be a server side change. > > If you aren't already using the schemes stuff on Android, you must also use the https:// scheme for the "secure" context. This is the cordova android default since cordova-android 10, unless you have `AndroidInsecureFileModeEnabled` preference enabled. > > A cordova environment is always considered cross origin and chromes default switched away from `None` to `Lax`. Which is the cause of the issue. The problem is that we cannot always do a server side change. Some of us do not own the server we are targeting via CORS (e.g. scraping from another site). Is there a way to route the AJAX requests through cordova-plugin-advanced-http and cordova-cookie-master? The problem I'm facing is that I have a lot of cross platform code (e.g. on electron and chrome extension) that relies on axios and I don't want to rewrite everything to use cordova-plugin-advanced-http separately for cordova. If there could be a drop in replacement that would be great. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
