Unable to let AntennaPod authenticate with custom server

App version: 3.7.0-beta3 (Google Play)

Android version: 12

Device model: OnePlus 10T

I’m implementing my own custom Gpodder backend and I’m having issues getting AntennaPod to work.

For some reason, AntennaPod refuses to send cookies with any request besides the initial login request. In my logs, I see AntennaPod sending a request to the login endpoint, and my server replies with a set-cookie header containing a session id. However, this cookie is not passed to the following list devices request.

Even stranger, when I then hit the login button again, AntennaPod does send the cookie, but only to the login endpoint! This shows that AntennaPod does indeed receive the cookie, but doesn’t use it for any other requests.

For reference, this is the structure of my cookies: sessionid=4084451607910564243; HttpOnly; SameSite=Strict; Max-Age=31536000

Any help on this would be much appreciated.

Isn’t that exactly what you tell AntennaPod to do by setting SameSite=Strict?

Sadly no, SameSite refers to the domain the cookies are sent to, and the domain remains the same between the two requests.

I’ve tested it with all three values (None, Lax, and Strict) and all three show the same behavior. Other values such as setting the path, or not using HttpOnly, don’t seem to have an effect on the behavior either.

Looking into AntennaPod’s code, I see the cookie jar uses the ACCEPT_ORIGINAL_SERVER policy, but this shouldn’t be a problem, I’d think, as both requests are communicating with the same domain. Could it be a problem with using an IP address with a non-standard port instead of a domain name? I just find it very strange it refuses to send cookies except for that one path.

Okay, after some more experimentation, I discovered AntennaPod requires the Path field on cookies to be set. Setting Path=/api on the cookie made AntennaPod work as expected! The more ya know, sorry for the unnecessary questions.
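
Added example, not part of the thread and not AntennaPod's code: a small model of the RFC 6265 path rules (default-path and path-match), showing why a session cookie set without a Path attribute is returned only to the login endpoint, while Path=/api covers the other API requests. It assumes the client's cookie jar follows RFC 6265; the endpoint paths and the session id are constructed samples.

```python
# Added illustration of RFC 6265 cookie path scoping (sections 5.1.4, 5.2.4).
# Endpoint paths and cookie values are constructed samples, not from the thread.

def default_path(request_path: str) -> str:
    """Path assigned to a cookie whose Set-Cookie header has no usable Path."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    # Everything up to, but not including, the right-most "/".
    return request_path[: request_path.rfind("/")]


def path_match(request_path: str, cookie_path: str) -> bool:
    """True if a cookie scoped to cookie_path is attached to request_path."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # Prefix must end on a "/" boundary, so "/api" does not match "/apix".
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def parse_path_attr(set_cookie: str):
    """Return the effective Path attribute (last one wins), or None."""
    found = None
    for attr in set_cookie.split(";")[1:]:
        name, _, value = attr.strip().partition("=")
        if name.lower() == "path":
            # An empty or non-absolute value falls back to the default path.
            found = value if value.startswith("/") else None
    return found


def cookie_sent(set_cookie: str, set_on: str, request_path: str) -> bool:
    """Would a cookie received on set_on be attached to request_path?"""
    scope = parse_path_attr(set_cookie) or default_path(set_on)
    return path_match(request_path, scope)


LOGIN = "/api/2/auth/alice/login.json"   # constructed sample login endpoint
DEVICES = "/api/2/devices/alice.json"    # constructed sample device list endpoint
NO_PATH = "sessionid=123; HttpOnly; SameSite=Strict; Max-Age=31536000"
WITH_PATH = NO_PATH + "; Path=/api"

if __name__ == "__main__":
    for label, header in (("no Path", NO_PATH), ("Path=/api", WITH_PATH)):
        for target in (LOGIN, DEVICES):
            sent = cookie_sent(header, LOGIN, target)
            print(f"{label:10} {target:30} sent={sent}")
```

Without Path, the cookie's scope becomes the directory of the URL that set it, which matches the symptom of the cookie coming back only on a second login request.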