Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Cross domain cookie using CORS in Safari

I followed the example: http://arunranga.com/examples/access-control/credentialedRequest.html

from this page: http://arunranga.com/examples/access-control/

The example work in Firefox, but not Safari, anyone have tried in implementing CORS cross domain cookie handling, and being success in Safari?

Thanks.

like image 968
Howard Avatar asked Sep 28 '10 15:09

Howard


2 Answers

Safari also blocks cookies from sites that haven't been visited directly. You can see in the security settings. It's default setting is Accept cookies: "Only from sites I visit".

This will help get you started. Setting cross-domain cookies in Safari

I have jsonp working in safari using methods in the above link. So assumed that the cookie would work in the CORS context, but at this stage it doesn't seem to be working. Also, changing the security setting seems to have no effect.

Safari might demand a stricter set of headers to be returned?

like image 53
23inhouse Avatar answered Sep 22 '22 17:09

23inhouse


This sounds like a Safari bug. I just verified that cross-domain cookies aren't being set in Safari. Cross-domain cookies are working in Chrome, so this may be fixed in WebKit and the latest hasn't made it to Safari yet. I haven't seen a Safari or WebKit bug report about this.

like image 41
monsur Avatar answered Sep 22 '22 17:09

monsur