IE & Safari browsers block cross-domain cookies in an iframe.
e.g.
I have two websites, let's say they're example.com and anotherexample.net.
On example.com, I have one page http://example.com/someform.asp and in this page I am using cookies. When I open http://example.com/someform.asp directly in the browser, it is working fine.
On anotherexample.net, I have the page http://anotherexample.net/page.asp; this page contains an IFRAME SRC="http://example.com/someform.asp". Now when we open the http://anotherexample.net/page.asp page in the browser, the cookies for example.com are not saved. In Firefox and Chrome this problem doesn't appear.
I found that we can fix this using a P3P policy, but after setting the P3P policy below in the IIS response header, it works for IE only.
P3P : CP="This is a P3P policy! See http://www.workplaceanswers.com/privacy-and-terms/"
But I am still getting the same error in Safari. I have tried different P3P policy values as below but was not able to fix it.
P3P : CP="CUR ADM DEV HIS TEL STA STP COM"
P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P:CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Is there any way to make this work in Safari?
Open the Safari browser. From the menu bar, go to Safari > Preferences. In the preferences dialog, go to the Privacy tab and disable the Prevent cross-site tracking permission.
Safari blocks cookies for iFrame domain when domain doesn't match source website #18530.
Why Safari doesn't allow to store cookie for iFrame? Answer: Try going to Safari/Preferences/Privacy and uncheck Prevent cross-site tracking.
Since your content is being loaded into an iframe from a remote domain, it is classed as a third-party cookie. The vast majority of third-party cookies are provided by advertisers (these are usually marked as tracking cookies by anti-malware software) and many people consider them to be an invasion of privacy.
There is a solution posted by Vitaliy Ryepnoy at github: https://github.com/vitr/safari-cookie-in-iframe
The gist:
In the main window (example.com), you should detect if the browser is Safari; if so, you redirect the user to iframe.com/fix_safari.html, where you set a cookie and redirect again to example.com.
Then, Safari lets you set a cookie in the iframe, because there is already a cookie there from iframe.com.
Worked for me, after hours of frustration.
More details and a code example are on the GitHub page.
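The two redirect steps described in the answer above, as an added example that is not part of the original post and not the code from the linked repository. The hostnames and fix_safari.html come from the answer; the `return` parameter, the cookie name and the allow-list are assumptions, and the allow-list is there so the bounce page cannot be used as an open redirect.

```javascript
// Added example. Hostnames and fix_safari.html come from the answer above;
// the "return" parameter, cookie name and allow-list are assumptions.
const IFRAME_ORIGIN = "https://iframe.com";
const FIX_PATH = "/fix_safari.html";
const MARKER = "safari_fix=1"; // hypothetical marker cookie
const ALLOWED_RETURN_ORIGINS = new Set(["https://example.com"]);
const DEFAULT_RETURN = "https://example.com/";

// Chrome, Edge, Opera and iOS Chrome/Firefox also send a "Safari/" token.
function isSafari(ua) {
  return /Safari\//.test(ua) && !/(Chrome|Chromium|CriOS|FxiOS|Edg|OPR)\//.test(ua);
}

// Step 1, main window: returns the URL to redirect to, or null to stay.
// `alreadyFixed` is how the parent remembers the bounce happened (for
// example a first-party flag it sets itself), so the redirect cannot loop.
function parentRedirect(ua, pageUrl, alreadyFixed) {
  if (!isSafari(ua) || alreadyFixed) return null;
  const target = new URL(FIX_PATH, IFRAME_ORIGIN);
  target.searchParams.set("return", pageUrl);
  return target.href;
}

// Only absolute URLs whose origin is allow-listed may be used as the way
// back; anything else would make the bounce page an open redirect.
function safeReturnUrl(raw) {
  try {
    const u = new URL(raw);
    if (ALLOWED_RETURN_ORIGINS.has(u.origin)) return u.href;
  } catch (_) { /* not a parseable absolute URL */ }
  return DEFAULT_RETURN;
}

// Step 2, fix_safari.html on the iframe's domain (top-level, so the cookie
// is first-party): returns the cookie to set and where to go next.
function bounce(requestUrl) {
  const raw = new URL(requestUrl).searchParams.get("return") || "";
  return { cookie: `${MARKER}; Path=/`, location: safeReturnUrl(raw) };
}
```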