|
| 1 | +# Background |
| 2 | + |
| 3 | +Cookie management in WebView has been one of the top feature requests. With that, the WebView2 team has introduced a new set of APIs allowing end developers to achieve goals such as authenticating the webview session, or retrieving cookies from webview to authenticate other tools. |
| 4 | + |
| 5 | +# Description |
| 6 | + |
| 7 | +One can create a `CookieManager` off a WebView to `GetCookies` via a `CookieList` collection, `SetCookie`, `DeleteCookies`, and `ClearAllCookies` in a WebView environment. |
| 8 | + |
| 9 | +# Examples |
| 10 | + |
| 11 | +The following code snippet demonstrates how the cookie management APIs can be use: |
| 12 | + |
| 13 | +```c# |
| 14 | +CoreWebView2CookieManager _cookieManager; |
| 15 | + |
| 16 | +private void WebView_CoreWebView2Ready(object sender, EventArgs e) |
| 17 | +{ |
| 18 | + _cookieManager = webView.CoreWebView2.CreateCookieManager(); |
| 19 | +} |
| 20 | + |
| 21 | +void SetCookieCmdExecuted(object target, ExecutedRoutedEventArgs e) |
| 22 | +{ |
| 23 | + CoreWebView2Cookie cookie = _cookieManager.CreateCookie("CookieName", "CookieValue", ".bing.com", "/"); |
| 24 | + cookie.SameSite = CoreWebView2CookieSameSiteKind.None; |
| 25 | + _cookieManager.SetCookie(cookie); |
| 26 | +} |
| 27 | + |
| 28 | +async void GetCookiesCmdExecuted(object target, ExecutedRoutedEventArgs e) |
| 29 | +{ |
| 30 | + CoreWebView2CookieList cookieList = await _cookieManager.GetCookiesAsync("https://www.bing.com"); |
| 31 | + for (uint i = 0; i < cookieList.Size; ++i) |
| 32 | + { |
| 33 | + CoreWebView2Cookie cookie = cookieList.GetValueAtIndex(i); |
| 34 | + Console.WriteLine(CookieAsString(cookie)); |
| 35 | + } |
| 36 | + |
| 37 | +} |
| 38 | + |
| 39 | +void ClearAllCookiesCmdExecuted(object target, ExecutedRoutedEventArgs e) |
| 40 | +{ |
| 41 | + _cookieManager.ClearAllCookies(); |
| 42 | +} |
| 43 | + |
| 44 | +void DeleteCookiesCmdExecuted(object target, ExecutedRoutedEventArgs e) |
| 45 | +{ |
| 46 | + _cookieManager.DeleteCookies("CookieName", "https://www.bing.com", "", ""); |
| 47 | +} |
| 48 | +``` |
| 49 | + |
| 50 | +# API Notes |
| 51 | + |
| 52 | +See [API Details](#api-details) section below for API reference. |
| 53 | + |
| 54 | +# API Details |
| 55 | + |
| 56 | +```c# |
| 57 | +namespace Microsoft.Web.WebView2.Core |
| 58 | +{ |
| 59 | + /// Kind of cookie SameSite status used in the CoreWebView2Cookie class. |
| 60 | + /// These fields match those as specified in https://developer.mozilla.org/docs/Web/HTTP/Cookies#. |
| 61 | + /// Learn more about SameSite cookies here: https://tools.ietf.org/html/draft-west-first-party-cookies-07 |
| 62 | + enum CoreWebView2CookieSameSiteKind |
| 63 | + { |
| 64 | + /// None SameSite type. No restrictions on cross-site requests. |
| 65 | + None = 0, |
| 66 | + /// Lax SameSite type. The cookie will be sent with "same-site" requests, and with "cross-site" top level navigation. |
| 67 | + Lax = 1, |
| 68 | + /// Strict SameSite type. The cookie will only be sent along with "same-site" requests. |
| 69 | + Strict = 2, |
| 70 | + }; |
| 71 | + |
| 72 | + runtimeclass CoreWebView2 |
| 73 | + { |
| 74 | + /// Create a new cookie manager object. |
| 75 | + CoreWebView2CookieManager CreateCookieManager(); |
| 76 | + } |
| 77 | + |
| 78 | + /// Add or delete an CoreWebView2Cookie or CoreWebView2Cookies, |
| 79 | + /// or view the cookies. The changes would apply to the context of the user profile. |
| 80 | + /// That is, other WebViews under the same user profile could be affected. |
| 81 | + runtimeclass CoreWebView2CookieManager |
| 82 | + { |
| 83 | + /// Create a cookie object with a specified name, value, domain, and path. |
| 84 | + /// One can set other optional properties after cookie creation. |
| 85 | + CoreWebView2Cookie CreateCookie(String name, String value, String Domain, String Path); |
| 86 | + |
| 87 | + /// Gets a list of cookies matching the specific URI. |
| 88 | + /// You can modify the cookie objects, call |
| 89 | + /// CoreWebView2CookieManager.SetCookie, and the changes |
| 90 | + /// will be applied to the webview. |
| 91 | + Windows.Foundation.IAsyncOperation<CoreWebView2CookieList> GetCookiesAsync(String uri); |
| 92 | + |
| 93 | + /// Sets a cookie with the given cookie data; may overwrite equivalent cookies |
| 94 | + /// if they exist. |
| 95 | + void SetCookie(CoreWebView2Cookie cookie); |
| 96 | + |
| 97 | + /// Deletes browser cookies with matching name and uri or domain/path pair. |
| 98 | + /// Cookie name is required. |
| 99 | + /// If uri is specified, deletes all cookies with the given name where domain |
| 100 | + /// and path match provided URI. |
| 101 | + /// If domain is specified, deletes only cookies with the exact domain. |
| 102 | + /// If path is specified, deletes only cookies with the exact path. |
| 103 | + void DeleteCookies(String name, String uri, String Domain, String Path); |
| 104 | + |
| 105 | + /// Clears all cookies under the same profile. |
| 106 | + /// This could affect other WebViews under the same user profile. |
| 107 | + void ClearAllCookies(); |
| 108 | + } |
| 109 | + |
| 110 | + /// A list of cookie objects. |
| 111 | + runtimeclass CoreWebView2CookieList |
| 112 | + { |
| 113 | + /// The number of cookies contained in the CoreWebView2CookieList. |
| 114 | + UInt32 Size { get; }; |
| 115 | + |
| 116 | + /// Get the cookie object at the given index. |
| 117 | + CoreWebView2Cookie GetValueAtIndex(UInt32 index); |
| 118 | + } |
| 119 | + |
| 120 | + /// Provides a set of properties that are used to manage a CoreWebView2Cookie. |
| 121 | + runtimeclass CoreWebView2Cookie |
| 122 | + { |
| 123 | + /// Cookie name. |
| 124 | + String Name { get; }; |
| 125 | + |
| 126 | + /// Cookie value. |
| 127 | + String Value { get; set; }; |
| 128 | + |
| 129 | + /// The domain for which the cookie is valid. |
| 130 | + /// The default is the host that this cookie has been received from. |
| 131 | + String Domain { get; }; |
| 132 | + |
| 133 | + /// The path for which the cookie is valid. If not specified, this cookie |
| 134 | + /// will be sent to all pages on the Domain. |
| 135 | + String Path { get; }; |
| 136 | + |
| 137 | + /// The expiration date and time for the cookie as the number of seconds since the UNIX epoch. |
| 138 | + /// The default is -1.0, which means cookies are session cookies by default. |
| 139 | + Double Expires { get; set; }; |
| 140 | + |
| 141 | + /// Whether this cookie is http-only. |
| 142 | + /// True if a page script or other active content cannot access this |
| 143 | + /// cookie. The default is false. |
| 144 | + Int32 HttpOnly { get; set; }; |
| 145 | + |
| 146 | + /// SameSite status of the cookie which represents the enforcement mode of the cookie. |
| 147 | + /// The default is CoreWebView2CookieSameSiteKind.Lax. |
| 148 | + CoreWebView2CookieSameSiteKind SameSite { get; set; }; |
| 149 | + |
| 150 | + /// The security level of this cookie. True if the client is only to return |
| 151 | + /// the cookie in subsequent requests if those requests use HTTPS. |
| 152 | + /// The default is false. |
| 153 | + /// Note that cookie that requests CoreWebView2CookieSameSiteKind.None but |
| 154 | + /// is not marked Secure will be rejected. |
| 155 | + Int32 Secure { get; set; }; |
| 156 | + } |
| 157 | +} |
| 158 | +``` |
0 commit comments