Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Django Iframe Safari Fix

So based on information here Safari 3rd party cookie iframe trick no longer working? and here Missing cookies on iframe in safari 5.1.5 it's clear that old tricks wont work:

from django.http import HttpResponse
from django.conf import settings


SESSION_COOKIE_NAME = getattr(settings, 'SESSION_COOKIE_NAME')

class SafariIFrameFixMiddleware(object):
    """
    Middleware fixes sessions with Safari browser in iframes

    Safari default security policy restricts
    cookie setting in first request in iframe

    Solution is to create hidden form to preserve GET variables
    and REPOST it to current URL
    """
    def process_request(self, request):
        if request.META['HTTP_USER_AGENT'].find('Safari') != -1 \
                and request.META['HTTP_USER_AGENT'].find('Chrome') == -1 \
                and SESSION_COOKIE_NAME not in request.COOKIES \
                and 'cookie_fix' not in request.GET:
            html = """<html><body><form name='cookie_fix' method='GET' action='.'>"""
            for item in request.GET:
                html += "<input type='hidden' value='%s' name='%s' />" % (request.GET[item], item)
            html += "<input type='hidden' name='cookie_fix' value='1' />"
            html += "</form>"
            html += '''<script type="text/javascript">document.cookie_fix.submit()</script></html>'''
            return HttpResponse(html)
        else:
            return

So I'm seeking new way to solve it.

It seems that it requires open up window (with user permission/click or it will be blocked by safari) and start session there.

Problem is that the very same popup page will ran true all of the middlewares thus it not may be always viable inside project (want as little intrusive fix as possible).

Also django session starting is inside middleware as well, I haven't found any clean way of starting one manually. Any suggestions?

like image 947
JackLeo Avatar asked Jun 22 '12 12:06

JackLeo


2 Answers

I've created working version of fix and uploaded to pypi here: http://pypi.python.org/pypi/django-iframetoolbox

Note: It might not be stable until 0.2 version

like image 139
JackLeo Avatar answered Nov 14 '22 15:11

JackLeo


I too have created a work around similar to JackLeo's. You can use the middleware or a decorator https://github.com/philroche/django-httpsiframecookiesetter as well as a few more options.

like image 1
philroche Avatar answered Nov 14 '22 15:11

philroche