I am using iOS 14 Device/Simulator for my Cordova Mobile App which uses cordova-plugin-ionic-webview with WkWebView Settings on.
I have following option set in config.xml
<access origin="myapp://mobileapp" />
<allow-navigation href="myapp://mobileapp" />
which makes all my xhr call to have "origin:myapp://mobileapp" header. I have defined all CORS header appropriately.
Now my authentication XHR calls has 2 APIs (a)authentication and (b) step up operation. API (b) will use HTTPOnly secure cookies set by API (a) in order to respond appropriately.
Both of the above APIs works perfectly fine with UIWebview, iOS 13.5, iOS 13.7 simulator and devices. However fails in iOS 14, iOS 13.3. When analyzing I am seeing that cookies sent in API (a) are not stored in WkWebview and hence they are not sent while calling API (b). So second API fails to complete.
I have seen cookies ignored in first execution, tracking prevention and wkwebview bug but could not identify the issue.
APIs work well when I use them In-AppBrowser with WkWebview, but only fails in main cordova view.
Do I have to set any special settings in ionic-webviw plugin while using a cusotm origin and Cross platform XHR call ?
My XHR calls are made to "*https://mydomain.app.com/api/firstapi*" and "*https://mydomain.app.com/api/secondapi*", while firstapi will send header "set-cookie" with domain set to ".app.com". So when we are making XHR calls with custom origin these kind of cookies will be treated as third party cookies or first party cookie?
Any help here will be extremely helpful. I am looking for proper way of implementing Cordova+WkWebView+XHR login calls with HTTPOnly cookies
