jQuery withCredentials not working in Safari?

I'm trying to use jQuery.ajax() with withCredentials: true cross-domain; however, it's not working in Safari for some reason.

It works in Firefox, Chrome and IE (using the P3P header), but in Safari it won't authenticate.

My code is pretty simple:

$.ajax({
    url: "http://www.someurl.com",
    data: {},
    contentType: "application/json",   // non-simple content type: the browser sends an OPTIONS preflight first
    type: "POST",
    success: function(response) {
        console.log(response);
    },
    crossDomain: true,
    xhrFields: {
        withCredentials: true          // send and accept cookies on the cross-origin request
    },
    error: function(jqXHR, textStatus, errorThrown) {
        console.log(JSON.stringify(jqXHR));
    }
});

Any ideas? Is there something specific I need to do server side for Safari to accept the cookies?

EDIT: It works once I changed "Block cookies and other website data" to never, but obviously this isn't a solution for a public facing website.

Safari does not honor the cookies sent by the server. Here are my headers (only relevant headers shown), pay attention to the two different domains:

Request headers:
Referer: https://example.net
Origin: https://example.net
Host: example.org
Accept: application/json, text/javascript, */*; q=0.01

Response headers:
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Credentials: true
Set-Cookie: authentication=8xIhPr9m0Fwky0qcE; expires=Fri, 09-Mar-2018 16:59:55 GMT; Max-Age=8640000; path=/; domain=example.org; secure; httponly
Access-Control-Allow-Origin: https://example.net

Is there a CORS header that is missing and that is required by Safari only?

asked Aug 12 '14 23:08 by Owen Davey
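As an added example (not code from the question), the following Node script checks a response against what a browser requires before it honours a credentialed cross-origin request, and builds the matching server-side headers from an allowlist of origins. The sample request and response headers are constructed from the ones shown above; the function names are assumptions for this example, and header names are lowercase as Node's http module presents them. Run against the question's headers it finds the CORS side in order (the origin is echoed exactly and Allow-Credentials is true); it only flags the missing Vary: Origin caching hint and, for current browsers, SameSite=None on the cookie, which is consistent with the EDIT above: the failure comes from Safari's cookie policy, not from a missing CORS header.

```javascript
// Added example, not code from the question. Checks a response against what a
// browser requires for a credentialed (withCredentials: true) cross-origin
// request, and builds correct headers for such a request. Header names are
// lowercase, as Node's http module presents them.

// Parse one Set-Cookie header value into name, value and an attribute map.
function parseSetCookie(raw) {
  const [pair, ...attrs] = raw.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Return the reasons a credentialed CORS request would fail, or the cookie would
// not be usable cross-site; an empty list means the headers are fine.
function checkCredentialedCors(requestHeaders, responseHeaders) {
  const problems = [];
  const origin = requestHeaders.origin;
  const acao = responseHeaders['access-control-allow-origin'];
  const acac = responseHeaders['access-control-allow-credentials'];

  if (!origin) problems.push('request carries no Origin header');
  if (acao === undefined) {
    problems.push('missing Access-Control-Allow-Origin');
  } else if (acao === '*') {
    problems.push('Access-Control-Allow-Origin: * is rejected when credentials are included');
  } else if (acao !== origin) {
    problems.push(`Access-Control-Allow-Origin "${acao}" does not equal request Origin "${origin}"`);
  }
  if (acac !== 'true') problems.push('Access-Control-Allow-Credentials must be exactly "true"');

  // An origin-specific ACAO must not be cached and replayed to a different origin.
  const vary = (responseHeaders.vary || '').toLowerCase().split(',').map((s) => s.trim());
  if (acao && acao !== '*' && !vary.includes('origin')) {
    problems.push('add Vary: Origin when echoing the request origin');
  }

  for (const raw of [].concat(responseHeaders['set-cookie'] || [])) {
    const c = parseSetCookie(raw);
    if (!('secure' in c.attrs)) problems.push(`cookie ${c.name}: missing Secure`);
    // Chrome (80+) treats a missing SameSite as Lax, which drops the cookie from cross-site XHR.
    if (String(c.attrs.samesite || 'lax').toLowerCase() !== 'none') {
      problems.push(`cookie ${c.name}: needs SameSite=None to be sent on cross-site requests`);
    }
  }
  return problems;
}

// Server side: headers for a credentialed request, echoing the exact origin from an
// allowlist instead of "*". Returns null for an origin that is not allowed.
function credentialedCorsHeaders(requestOrigin, allowedOrigins, isPreflight) {
  if (!allowedOrigins.has(requestOrigin)) return null;
  const headers = {
    'access-control-allow-origin': requestOrigin,
    'access-control-allow-credentials': 'true',
    vary: 'Origin',
  };
  if (isPreflight) {
    // A POST with Content-Type: application/json is not a "simple" request, so the
    // browser sends OPTIONS first and needs these before it issues the real request.
    headers['access-control-allow-methods'] = 'POST, GET, OPTIONS';
    headers['access-control-allow-headers'] = 'Content-Type';
    headers['access-control-max-age'] = '600';
  }
  return headers;
}

// Constructed from the request/response headers shown in the question.
const questionRequest = { origin: 'https://example.net', host: 'example.org' };
const questionResponse = {
  'content-type': 'text/html; charset=utf-8',
  'access-control-allow-credentials': 'true',
  'access-control-allow-origin': 'https://example.net',
  'set-cookie': [
    'authentication=8xIhPr9m0Fwky0qcE; expires=Fri, 09-Mar-2018 16:59:55 GMT; Max-Age=8640000; path=/; domain=example.org; secure; httponly',
  ],
};

console.log(checkCredentialedCors(questionRequest, questionResponse));
```

The allowlist in credentialedCorsHeaders is the important design choice: reflecting any Origin value back with credentials enabled would let every site on the web make authenticated requests as the user.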


1 Answer

I'm sorry to say, but there isn't a very elegant solution to this problem. Apple has recently adopted a strict policy to prevent third-party cookies (link).

This means users only have long-term persistent cookies and website data from the sites they actually interact with and tracking data is removed proactively as they browse the web.


The best solution I can think of is to redirect the user to a login page hosted on the third-party domain and then back to the original page after the login. This way the cookie will be stored (since the user interacted with its domain directly), and you would also be able to interact with it as a third-party cookie from the original domain.

answered Oct 24 '22 14:10 by Ido.Co