Bug 254991

Summary: Cookie shared across subdomains don't work with .local tld
Product: WebKit Reporter: Matthias Le Brun <mlbli>
Component: Website StorageAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: ap, sihui_liu, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari 16   
Hardware: All   
OS: All   
See Also: https://bugs.webkit.org/show_bug.cgi?id=218980

Description Matthias Le Brun 2023-04-04 09:14:16 PDT
Hello!

I have a situation where I set a HTTPOnly, Secure cookie on `dashboard.name.local`, and try to call a `dashboard.name.local` API endpoint from `other.name.local`. Cookies aren't sent in the request, where the same situation on a `name.com` works.

As using `.local` is fairly common for local development, can it be considered like a regular TLD?
Comment 1 Sam Sneddon [:gsnedders] 2023-04-05 05:48:48 PDT
This may well just be another thing that falls out from 218980.
Comment 2 Radar WebKit Bug Importer 2023-04-11 09:15:26 PDT
<rdar://problem/107885806>