Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Local Storage Cross Domain - Safari disables it by default

The issue:

I have used github project of Ofir Dagan: Storing cross domain local storage.

It implements html5 local storage: https://github.com/ofirdagan/cross-domain-local-storage


The problem:

Safari doesn't allow third party cookies by default (other browsers allow it).

Safari privacy preferences are:

enter image description here

The default is: "Allow from websites I visit".

I read about these settings:

  1. Always Block - Block all first-party cookies and block all third-party cookies.

  2. Allow from Current Website Only - Allow all first-party cookies and block all third-party cookies.

  3. Allow from Websites I Visit - Allow all first-party cookies and block all third-party cookies unless that third party was a first party at one time (based on current cookies and browsing history).

  4. Always Allow - Allow all first-party cookies and allow all third-party cookies.


Solution I have tried:

Local Storage with an iframe (pixel) - I think it's no longer works on Safari - Is there any workaround to set third party cookie in Iframe for safari?


I think that there is a way to share local storage between first party and third party sites on Safari. (Facebook.com and Booking.com share data between different domains).

I succeeded to achieve it by removing the API and writing it by myself, But I don't want to remove the API and implement it by myself (hope that there is a small fix in order to support Safari):

Iframe.html:

window.addEventListener('cors_event', function(event) {
    if(event.event_id === 'my_cors_message'){
        if (event.data.options.funcName == "SetItem") {
            localStorage.setItem(event.data.options.key, event.data.options.value);
        }
        else if (event.data.options.funcName == "GetItem") {
            return localStorage.getItem(event.data.options.key);
        }
    }
});

MainPage:

<iframe id="target" src="iframe.html" frameborder="1"></iframe>

<script>

    var target = document .getElementById('target');
    target.onload = function(){
        target.contentWindow.postMessage('set', '*')
    }
</script>

So does someone know how can I achieve it by changing some API logic to support Safari?

Any help appreciated!

like image 835
Alon Shmiel Avatar asked Jul 26 '16 08:07

Alon Shmiel


People also ask

Does Safari block localStorage?

Specifically, Safari will erase IndexedDB, LocalStorage, Media keys, SessionStorage, and Service Worker registrations after seven days if the user does not interact with the associated website during this period.

Is local storage cross browser?

2 Answers. Show activity on this post. Local Storage is "local" in that exact browser and ONLY in that browser. To retrieve something stored in Local Storage, you must use the same browser, the same key and retrieve it from a page in the same origin (e.g. domain).

How do I get rid of Safari local storage?

To clear the local storage in Safari, do the following: From the Power BI service page, click the Develop menu and choose Web Inspector. On the Console tab, type localStorage. clear() in the field and press Enter.


1 Answers

As noted by the Cross-Storage library documentation:

Notes on Safari 7+ (OSX, iOS)

All cross-domain local storage access is disabled by default with Safari 7+. This is a result of the "Block cookies and other website data" privacy setting being set to "From third parties and advertisers". Any cross-storage client code will not crash, however, it will only have access to a sandboxed, isolated local storage instance. As such, none of the data previously set by other origins will be accessible. If an option, one could fall back to using root cookies for those user agents, or requesting the data from a server-side store.

like image 177
Yogesh Rathi Avatar answered Sep 28 '22 19:09

Yogesh Rathi