Cross domain cookie using CORS in Safari

Question

I followed the example: http://arunranga.com/examples/access-control/credentialedRequest.html

from this page: http://arunranga.com/examples/access-control/

The example work in Firefox, but not Safari, anyone have tried in implementing CORS cross domain cookie handling, and being success in Safari?

Thanks.

Answer 1

Safari also blocks cookies from sites that haven't been visited directly. You can see in the security settings. It's default setting is Accept cookies: "Only from sites I visit".

This will help get you started. Setting cross-domain cookies in Safari

I have jsonp working in safari using methods in the above link. So assumed that the cookie would work in the CORS context, but at this stage it doesn't seem to be working. Also, changing the security setting seems to have no effect.

Safari might demand a stricter set of headers to be returned?

Answer 2

This sounds like a Safari bug. I just verified that cross-domain cookies aren't being set in Safari. Cross-domain cookies are working in Chrome, so this may be fixed in WebKit and the latest hasn't made it to Safari yet. I haven't seen a Safari or WebKit bug report about this.