You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Webviews should be authenticated and show the content from the site.
Actual behavior
Webviews are not authenticated and request the user to log in.
Here are some examples of different webviews tested in public and private sites:
Private site
View a postview-post-private-site.mp4Edit unsupported blockedit-unsupported-block-private-site.mp4
Public site
View a postview-post-public-site.mp4Edit unsupported blockedit-unsupported-block-public-site.mp4
Steps to reproduce the behavior
I managed to reproduce this on an iOS simulator and in different webviews.
View a post (private site)
Remove the app (if it was already installed)
Install the app
Log in with an account that has 2FA enabled
Go to a private site
Go to Posts
Tap on View button of one post
The webview doesn't show the post, instead it has the message Private Site and requests the user to log in.
The steps for reproducing it in a public site are the same.
Edit unsupported block
This test flow requires a quick set up to be done in WordPress.com:
Go to a private site
Create a post
Add a block that is not supported by the native editor like GIF block
Save the post
Then on a device:
Remove the app (if it was already installed)
Install the app
Log in with an account that has 2FA enabled
Go to the post previously created
Tap two times in the unsupported block previously added
Tap on Edit using web editor
The webview doesn't show the web editor, instead it requests the user to log in.
The steps for reproducing it in a public site are the same.
Notes
As far as I investigated the issue comes from the WP.com cookies, when the app tries to authenticate by doing a request to https://wordpress.com/wp-login.php , most of the cookies in the response are empty. Besides the content of the response is HTML code and contains the message: Please enter the verification code generated by your authenticator mobile application..
The user I'm currently using has 2FA enabled so most likely the cause has to do with it but I couldn't find the origin. Once I log in within the web view, I don't see the error anymore.
Besides as far as I checked, this is only happening in development mode.
Expected behavior
Webviews should be authenticated and show the content from the site.
Actual behavior
Webviews are not authenticated and request the user to log in.
Here are some examples of different webviews tested in public and private sites:
Private site
View a post
view-post-private-site.mp4
Edit unsupported block
edit-unsupported-block-private-site.mp4
Public site
View a post
view-post-public-site.mp4
Edit unsupported block
edit-unsupported-block-public-site.mp4
Steps to reproduce the behavior
I managed to reproduce this on an iOS simulator and in different webviews.
View a post (private site)
Viewbutton of one postPrivate Siteand requests the user to log in.The steps for reproducing it in a public site are the same.
Edit unsupported block
This test flow requires a quick set up to be done in WordPress.com:
Then on a device:
Edit using web editorThe steps for reproducing it in a public site are the same.
Notes
As far as I investigated the issue comes from the WP.com cookies, when the app tries to authenticate by doing a request to
https://wordpress.com/wp-login.php, most of the cookies in the response are empty. Besides the content of the response is HTML code and contains the message:Please enter the verification code generated by your authenticator mobile application..The user I'm currently using has 2FA enabled so most likely the cause has to do with it but I couldn't find the origin. Once I log in within the web view, I don't see the error anymore.
Besides as far as I checked, this is only happening in development mode.
Tested on iPhone 8 - Simulator, iOS 14, WPiOS 16.6 (DEV)