Project

General

Profile

Actions

Bug #788

closed

Old.protonmail.com domain keeps kicking me out

Added by Rich Garcia 10 months ago. Updated 10 months ago.

Status:
Closed
Priority:
3.x
Start date:
12/05/2021
Due date:
% Done:

0%

Estimated time:

Description

When visiting old.protonmail.com domain. Adding domain settings Enabling Javascript, cookies, disabling all blacklists. I am able to login. If I open another tab and go into domain settings for the new tab then exit out of settings, the old.protonmail.com tab (which is not in focus) displays an error dialog that "cookies need to be enabled for the site to work" even though there is already a domain entry allowing cookies, Javascript and removing any block lists from interfering with this domains function. Not sure why going into settings for a different tab/domain is causing the old.protonmail.com tab to reload and why it kicks me out of the non focused site for not having cookies enabled even though there is a domain entry for that domain.


Files

Cookies - App Level Setting.png (194 KB) Cookies - App Level Setting.png Soren Stoutner, 12/06/2021 09:55 AM
Actions #1

Updated by Soren Stoutner 10 months ago

Rich, you have discovered one of the annoying limitations of Android's WebView, which is that cookies are an app level setting, not an individual WebView (tab) level setting. This is explained a bit in the Settings screen (see attached screenshot), but it would probably make sense to add some text to Guide -> Local Storage explaining it further. See https://redmine.stoutner.com/issues/789.

This means that, when you are on a tab that has cookies enabled it enables cookies for all the tabs, and when you are on a tab that has cookies disabled it disables cookies for all the tabs.

Normally this isn't a problem, unless a background tab attempts to communicate with the server.

The way Settings and Domain Settings interact with the tabs is complex. And when editing Domain Settings it gets even more complex (imagine editing the domain of a Domain Settings to add or remove a wildcard, or to be a different subdomain). Hence, every time the user exits Settings or Domain Settings every tab is reloaded (refreshed) using the combined settings and Domain Settings as calculated for each tab from the current information. However, if some tabs have cookies enabled and other tabs have cookies disabled, then the last cookie setting that is applied will be applied to the entire app. Because a refreshed is then forced, tabs that require cookies when communicating with the server will fail if another tab has disabled cookies for the entire app.

This limitation in Android's WebView will be removed in the 4.x series with the release of Privacy WebView. See https://redmine.stoutner.com/issues/409.

Actions

Also available in: Atom PDF