Is there any workarounds that allows me to keep the "Prevent Cross Site Trackng" option enabled (as it is by default, so every user will have it on), and issue CORS cookies from my back-end api that is on a different domain than my angular app?
My application flow is as follow:
1. User Logs in
2. The server authenticates, issues a JWT and stores the JWT inside of an HttpOnly cookie
3. All angular requests have the {withCredentials: true}
This works perfectly fine on....windows desktop browsers. However when I try to login on Safari iOS, and mac Safari the cookie is not saved nor is it sent with subsequent requests.
I found that disabling "Prevent Cross Site Tracking" option works, but I cannot expect all of my users to disabled this option to use the my app.
Are there any workarounds for this right now?
On your computer, open Chrome. Settings. Under “Privacy and security,” click Cookies and other site data. Turn Send a “Do not track” request with your browsing traffic on or off.
I'd suggest puting both your website and the api on the same domain, e.g. https://web.mydomain.com and https://api.mydomain.com. This shouldn't be too difficult to implement - I haven't found any simple technical solutions online yet that will force Safari on iOS to allow this without changing the settings.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With