WebView2: Is it possible to prevent a cookie in a response from being stored

Question

I am using WebView2 and am looking to stop cookies from being stored when they are received in responses to third-party resource requests.

WebView2 exposes the CoreWebView2.WebResourceResponseReceived event which initially looked promising. However, the documentation states:

There is no guarantee about the order in which the WebView processes the response and the host app's handler runs. The app's handler will not block the WebView from processing the response.

Hence it is not possible to modify the response or delete the cookie in this event handler. I guess you could record the response and delete it 'later', but this seems like it could be awkward to do reliably.

Is there a way to block or reliably delete cookies received in a response when using WebView2?

Answer 1

There's currently no way to intercept and modify web responses.

I imagine as a workaround you might try like you suggest of running some code asynchronously later like during the corresponding NavigationCompleted event to remove the cookie using the CoreWebView2.CookieManager APIs.

Another work around might be to use the WebResourceRequested event to intercept requests, use the GetDeferral method on the eventargs to get a deferral while you perform the web request yourself in native code, receive the response in native code, modify the response as you like, and then provide that modified response back in the WebResourceRequested eventargs and complete the deferral. However this has the drawback that you would need to convert the WebView2s web resource request and response objects back and forth between the request and response objects of whichever HTTP stack you use.

Otherwise, you can file your feedback as a feature request on the WebView2 Feedback github project.