safari does not allowed cross-domain cookies in iframe

Question

IE & Safari Browser blocks cross-domain cookies in an iframe.

e.g. I have two websites, let's say they're example.com and anotherexample.net.

On example.com, I have one page http://example.com/someform.asp and in this page i am using cookies. When I open http://example.com/someform.asp directly in browser, it is working fine.

On anotherexample.net, I have page http://anotherexample.net/page.asp, this page contains an IFRAME SRC="http://example.com/someform.asp". Now when we open http://anotherexample.net/page.asp page in browser, the cookies for example.com are not saved. In Firefox and chrome this problem doesn't appear.

I found that using p3p policy we can fix this, but after setting below p3p policy in IIS response header and its works for IE only.

P3P : CP="This is  a P3P policy! See  http://www.workplaceanswers.com/privacy-and-terms/"

But, I am still getting the same error in safari. I have tried with different p3p policy values as below but not able to fix it.

P3P : CP="CUR ADM DEV HIS TEL STA STP COM”
P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT”
P3P:CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA”

Is there any way to make this work in Safari?

Answer 1

There is a solution posted by Vitaliy Ryepnoy at github: https://github.com/vitr/safari-cookie-in-iframe

The gist: In the main window (example.com), you should detect if the browser is safari,if so, you redirect the user to iframe.com/fix_safari.html, where you set a cookie and redirect again to example.com.

Then, safari let's you set a cookie in the iframe, because there is already a cookie there from iframe.com

worked for me, after hours of frustration

more details and code example in the github page