6

IE & Safari Browser blocks cross-domain cookies in an iframe.

e.g. I have two websites, let's say they're example.com and anotherexample.net.

On example.com, I have one page http://example.com/someform.asp and in this page I am using cookies. When I open http://example.com/someform.asp directly in a browser, it works fine.

On anotherexample.net, I have the page http://anotherexample.net/page.asp, and this page contains an IFRAME SRC="http://example.com/someform.asp". Now when we open the http://anotherexample.net/page.asp page in a browser, the cookies for example.com are not saved. In Firefox and Chrome this problem doesn't appear.

I found that we can fix this using a P3P policy, but after setting the P3P policy below in the IIS response header, it works for IE only.

P3P : CP="This is  a P3P policy! See  http://www.workplaceanswers.com/privacy-and-terms/"

But I am still getting the same error in Safari. I have tried different P3P policy values, as below, but I am not able to fix it.

P3P : CP="CUR ADM DEV HIS TEL STA STP COM"
P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P:CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"

Is there any way to make this work in Safari?

Synoverge

2 Answers

2

There is a solution posted by Vitaliy Ryepnoy on GitHub: https://github.com/vitr/safari-cookie-in-iframe

The gist: in the main window (example.com), you should detect whether the browser is Safari; if so, you redirect the user to iframe.com/fix_safari.html, where you set a cookie and redirect again to example.com.

Then Safari lets you set a cookie in the iframe, because there is already a cookie there from iframe.com.

Worked for me, after hours of frustration.

More details and a code example are on the GitHub page.

Yonatan
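The redirect flow described in the answer above, as an added JavaScript example that is not part of the original posts or of the linked repository. The function names, the `safari_fix` cookie, the `return` query parameter and the `https` scheme are assumptions; the hosts follow the answer's naming. It also validates the return URL, since the fix page would otherwise redirect anywhere.

```javascript
// Added example. Hosts follow the answer's naming: example.com is the parent
// page, iframe.com is the framed site. Helper and cookie names are hypothetical.
const IFRAME_ORIGIN = "https://iframe.com"; // scheme is an assumption
const ALLOWED_RETURN_HOSTS = new Set(["example.com"]);

// Chrome, Edge and Opera also put "Safari/" in their user-agent string,
// so exclude their own tokens instead of matching "Safari" alone.
function isSafari(ua) {
  return /Safari\//.test(ua) && !/(Chrome|Chromium|Edg|OPR|Android)/.test(ua);
}

// Parent page (example.com): URL to bounce through, or null to stay put.
// alreadyFixed is a first-party marker so the bounce happens only once.
function parentRedirect(ua, currentUrl, alreadyFixed) {
  if (!isSafari(ua) || alreadyFixed) return null;
  const fix = new URL("/fix_safari.html", IFRAME_ORIGIN);
  fix.searchParams.set("return", currentUrl);
  return fix.toString();
}

// fix_safari.html (iframe.com): cookie to set as first party, then where to go.
// The return URL is attacker-controllable query input, so only allowlisted
// parents are accepted; anything else would make this page an open redirect.
function fixPageAction(fixPageUrl) {
  const rejected = { cookie: null, redirect: null };
  const raw = new URL(fixPageUrl).searchParams.get("return");
  let target;
  try {
    target = new URL(raw);
  } catch {
    return rejected; // missing or relative return value
  }
  const schemeOk = target.protocol === "http:" || target.protocol === "https:";
  if (!schemeOk || !ALLOWED_RETURN_HOSTS.has(target.hostname)) return rejected;
  return { cookie: "safari_fix=1; Path=/; Max-Age=86400", redirect: target.href };
}

// Browser wiring, one call per page:
//   parent:   const to = parentRedirect(navigator.userAgent, location.href, fixed);
//             if (to) location.replace(to);
//   fix page: const a = fixPageAction(location.href);
//             if (a.redirect) { document.cookie = a.cookie; location.replace(a.redirect); }
```

In current Safari versions that block all third-party cookies, the supported route for an embedded frame is the Storage Access API (`document.requestStorageAccess()`).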
0

Actually, I suffered from the cross-domain cookie issue in the Safari web browser on Mac and iPhone devices. So I created one temp file on the client machine and saved all the cookies for one domain in that temp file. Then, when I tried to read those cookies from a file on the other domain, I made changes in that file so that if the cookies are not set, it fetches the cookie data from that temp file and sets the cookies again for the second domain. It works successfully.