
Safari does not allow cross-domain cookies in iframe

Tags:

p3p

IE and Safari block cross-domain cookies in an iframe.

e.g. I have two websites, let's say they're example.com and anotherexample.net.

On example.com, I have one page, http://example.com/someform.asp, and on this page I am using cookies. When I open http://example.com/someform.asp directly in the browser, it works fine.

On anotherexample.net, I have the page http://anotherexample.net/page.asp, and this page contains an IFRAME SRC="http://example.com/someform.asp". Now when we open the http://anotherexample.net/page.asp page in the browser, the cookies for example.com are not saved. In Firefox and Chrome this problem doesn't appear.

I found that we can fix this using a P3P policy, but after setting the P3P policy below in the IIS response header, it works for IE only.

P3P : CP="This is  a P3P policy! See  http://www.workplaceanswers.com/privacy-and-terms/"

But I am still getting the same error in Safari. I have tried different P3P policy values, as below, but was not able to fix it.

P3P : CP="CUR ADM DEV HIS TEL STA STP COM"
P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P:CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"

Is there any way to make this work in Safari?

Synoverge asked Sep 22 '15 10:09



1 Answer

There is a solution posted by Vitaliy Ryepnoy on GitHub: https://github.com/vitr/safari-cookie-in-iframe

The gist: In the main window (example.com), you should detect if the browser is Safari; if so, you redirect the user to iframe.com/fix_safari.html, where you set a cookie and redirect again to example.com.

Then Safari lets you set a cookie in the iframe, because there is already a cookie there from iframe.com.

Worked for me, after hours of frustration.

More details and a code example are on the GitHub page.

Yonatan answered Sep 28 '22 06:09
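
The redirect flow described in the answer above, sketched as an added example; it is not code from the linked repository or from the answer's author. The cookie names, the allowlist, the `return` query parameter, the https scheme on iframe.com and all function names are assumptions, and the return URL is validated so the fix page cannot be used as an open redirect.

```javascript
// Added example. Hypothetical names: FIX_URL's scheme, ALLOWED_RETURN_ORIGINS,
// the "safari_fix" / "safari_fix_done" cookies, and all function names.
const FIX_URL = "https://iframe.com/fix_safari.html";
const ALLOWED_RETURN_ORIGINS = new Set(["http://example.com", "https://example.com"]);

// Chrome, Edge, Opera and Android browsers also send "Safari/" in the
// User-Agent, so they have to be excluded explicitly.
function isSafari(userAgent) {
  return /Safari\//.test(userAgent) &&
    !/(Chrome|Chromium|Edg|OPR|Android)/.test(userAgent);
}

// Step 1, main window on example.com: where to send the browser, or null.
// parentCookies is document.cookie; the marker cookie prevents a redirect loop.
function bounceUrl(userAgent, parentCookies, currentUrl) {
  if (!isSafari(userAgent)) return null;
  if (/(^|;\s*)safari_fix_done=1(;|$)/.test(parentCookies)) return null;
  return FIX_URL + "?return=" + encodeURIComponent(currentUrl);
}

// Step 2, server side on iframe.com: set a cookie as a top-level (first-party)
// page, then redirect back. The return target is attacker-controllable, so it
// is parsed and its origin compared exactly; a prefix check would accept
// "http://example.com.evil.test/" or "http://example.com@evil.test/".
function handleFixSafari(requestUrl) {
  const ret = new URL(requestUrl, FIX_URL).searchParams.get("return");
  let target;
  try {
    target = new URL(ret);
  } catch {
    return { status: 400, headers: {} };
  }
  if (!ALLOWED_RETURN_ORIGINS.has(target.origin)) {
    return { status: 400, headers: {} };
  }
  return {
    status: 302,
    headers: {
      "Set-Cookie": "safari_fix=1; Path=/; HttpOnly",
      "Location": target.href,
    },
  };
}

// Browser glue for step 1 (commented out so the block also runs under Node):
// const to = bounceUrl(navigator.userAgent, document.cookie, location.href);
// if (to) { document.cookie = "safari_fix_done=1; path=/"; location.href = to; }
```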