Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Cross-domain cookies in iframe Safari

I have a problem with setting cookies in an iframe (which loads a site from another domain).
On my site X.COM I load <iframe src='Y.COM'>

Y.COM tries to set cookies, but Safari blocks they, as this site was not visited before. So loading Y.COM fails because it can't work without cookies. Is there a way to solve this issue?

P.S. I cann't modify any data at Y.COM.

P.S.S. Also we can modify Safari's settings - "Accept cookies" = "Always", but it is not a solution for me - it seems to be impossible to lead every user to do it..

like image 954
Andrey Yanko Avatar asked Oct 18 '12 08:10

Andrey Yanko


People also ask

How do I allow cross domain cookies in Safari?

Open the Safari browser. From the menu bar, go to Safari > Preferences. In the preferences dialog, go to the Privacy tab and disable the Prevent cross-site tracking permission.

Does iframe work in Safari?

iframes on Safari FollowProtocols, domains, and ports must match. This is primarily an issue on Mobile testing (virtual and real devices).

How do I enable iframe in Safari?

Step 1: Go to Settings icon. Step 2: Select “Safari” Page 4 Confidential 11/16/2017 iPhone and Macbooks Safari SETTINGS to LOAD IFRAMES IN MEMBERS PORTAL 3 Step 3: Ensure that the “Block Pop-ups”, “Prevent Cross-Site Tracking” and “Block all Cookies” are not selected (not green).

Can iframe access cookies?

You can't share cookies across domains. You may share across subdomains. So, if your domain wrote the cookie stored on the client - whether in an iframe from other site or stored by visiting your main site, your domain should be able to access it. Otherwise - no.


1 Answers

I experimented a similar problem. A web "parent" page open my "child" website in a jquery fancybox i-frame cross-domain. Not problem at all with Explorer, Chrome, Firefox, Opera and even with Safari (5.8.1) on MAC. But with iPhone, iPad and mini iPad, the session in the i-frame is lost.

That's mean that at every click on an element in the i-frame (web site is in aspx) a new session started.

We solve the problem in a very simple way:

when the parent website start, it call a page in the child site directly (not in an i-frame). In this page I just set a session variable and I redirect to the parent website. Now when the child website is open in an iframe, the session is kept.

like image 127
Alberto Avatar answered Sep 19 '22 11:09

Alberto