0 Replies Latest reply on Nov 5, 2018 7:04 AM by Xevi Pujol

    Secure, HttpOnly cookies are not sent when using the Tableau internal browser

    Xevi Pujol

      We have been developing a Web Data Connector which has the following flow:

      • From our WDC homepage, we authenticate our users through a login form which is hosted in the same domain as the WDC.
      • On authentication success, a Secure & HttpOnly cookie is set
      • The WDC uses this cookie to do the relevant API calls to get the data, using the JS native function "fetch". The code looks like this;
      fetch('https://myapi.com', {
        method: 'GET',
        credentials: 'include',
      })
      

       

      This flow works correctly when we use the WDC through the Web Data Connector Simulator 2.0, which allows me to say that it is well implemented and there are no cross-domain issues.

       

      However, when we do it in the Tableau internal browser, we see that the API requests reach the server without the Secure & HttpOnly cookie.

       

      Has anyone come across this issue before? Is this a known issue of the Tableau internal browser? I wonder if the implementation of "fetch" in this browser is a bit aged and does not follow the latest standards?