Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Does the technique for setting third-party cookies in iframes in Safari still work?

Tags:

cookies

iframe

safari

I am trying to find a way to set cookies in an iframe in Safari. Safari has a policy of not allowing iframes to set cookies unless the user clicks on something in the iframe.

I have read through questions/answers on Stackoverflow and other articles. Here are some links:

  • Facebook Iframe App with multiple pages in Safari Session Variables not persisting
  • http://lightyearsoftware.com/2009/11/on-the-pain-of-developing-for-facebook/
  • http://saizai.livejournal.com/897522.html
  • http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/

They all mention variations of a technique to accomplish this. The basic idea is to create a form element and make it submit a POST request either through JavaScript calls or through the user clicking a button. Once a POST request is sent, Safari considers the user to have interacted with the site and thereafter allows cookies to be set.

I made a few attempts to implement this technique. I failed.

I found an article (http://online.wsj.com/article/SB10001424052970204880404577225380456599176.html) in the Wall Street Journal that talks about how Google used this technique to place their +1 buttons into their DoubleClick ads. The article also cites Anant Garg's blog post (link above) about how to work around the limitation.

Here's a quote from the article:

To get around Safari's default blocking, Google exploited a loophole in the browser's privacy settings. While Safari does block most tracking, it makes an exception for websites with which a person interacts in some way—for instance, by filling out a form. So Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.

Another quote:

An Apple official said: "We are working to put a stop" to the circumvention of Safari privacy settings.

I am working with Safari 5.1.5 which was released on March 26, 2012. The WSJ article was published on February 17, 2012. Is it possible that Apple has changed Safari so that this workaround no longer works? Can anyone confirm that this technique works on Safari 5.1.5?

like image 897
hekevintran Avatar asked Apr 08 '12 06:04

hekevintran

1 Answers

See this thread: Safari 3rd party cookie iframe trick no longer working?

Safari has enforced its cookie policy with 5.1.4.

like image 128
vwoelm Avatar answered Oct 19 '22 10:10

vwoelm
Sign in to Comment

Related questions

Refused to display site in an iframe, X-Frame-Options to 'SAMEORIGIN'
React - How to apply CSS styles to iframe content
iframe CSS3 scaling issue on iPad Safari (iOS 5.0.1)
Separate event-loop for same-origin CPU intensive iframe
JQuery plugin issue with IFrame
Enable session cookies for iframe in page in WkWebView / mobile Safari
Firefox Storage Access API denies local storage after successful requestStorageAccess() call
jQuery events not working within iframe?
Cross-domain cookies in iframe Safari
Allow click to pass through iFrame to content behind it
Security Error with iframe
Transparent iframe over another iframe
Django Iframe Safari Fix
<iframe> and <object> are both blank, but only in Firefox
IE11 returns status 0 during Ajax POST operation from an iFrame (XMLHttpRequest: Network Error 0x2ee4)
django Sessions are not maintaing in an iframe
Safari LocalStorage not shared between IFrames hosted on same domain
show only one div within an iframe (javascript, JQuery...)
iFrames + Google Analytics + Cookies + P3P
IFrame security and CORS

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!