New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add function Cookies.enabled(): bool
that returns if cookie access is enabled
#823
Comments
Isn‘t that what’s https://developer.mozilla.org/en-US/docs/Web/API/Navigator/cookieEnabled |
Great suggestion! I just tested, and unfortunately it appears to return |
I tested by:
|
This has been discussed in #115 and #531 So far we‘ve been rejecting this feature. In particular regarding sandboxed iframes please see: #531 (comment) — I haven’t changed my mind on this. |
That said — if you have to deal with an iframe of which you don‘t know if it‘s sandboxed or not, the error handling imo is correctly located in userland. We will not be able to deal with this in a way that suffices all cases. And if you try to access cookies in a (knowingly) sandboxed iframe, even more so throwing an error, e.g. doing nothing on our side, is the right thing to do, namely signaling the mistake to the developer. |
My apologies for not finding those existing issues! To be clear I think it makes sense for e.g. But if that use case doesn't make sense for the library, that's fine, too 😊 Thanks for your help! Feel free to close as necessary. |
@carhartl Alternatively, we can use this issue to document the Error that can be thrown on Cookies.get as part of the contract of the API. That means we need to simulate non-sandboxed iframes in a test and check it throws the same across browsers. I believe Cookies.enabled() is also a pointless exercise as there's no way for us to know. Actions from this thread:
|
Is your feature request related to a problem? Please describe.
Cookies are disabled when a page is in a sandboxed iframe. In this case, trying to access
document.cookie
throws an error:SecurityError: Document.cookie getter: Forbidden in a sandboxed document without the 'allow-same-origin' flag.
Describe the solution you'd like
It would be helpful to have a function from the Cookies library to check.
Describe alternatives you've considered
I've implemented my own:
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: