6

IE and Safari browsers block cross-domain cookies in an iframe.

e.g. I have two websites, let's say they're example.com and anotherexample.net.

On example.com, I have one page, http://example.com/someform.asp, and in this page I am using cookies. When I open http://example.com/someform.asp directly in the browser, it works fine.

On anotherexample.net, I have the page http://anotherexample.net/page.asp, and this page contains an IFRAME SRC="http://example.com/someform.asp". Now when we open the http://anotherexample.net/page.asp page in the browser, the cookies for example.com are not saved. In Firefox and Chrome this problem doesn't appear.

I found that we can fix this using a P3P policy, but after setting the P3P policy below in the IIS response header, it works for IE only.

P3P: CP="This is a P3P policy! See http://www.workplaceanswers.com/privacy-and-terms/"

But I am still getting the same error in Safari. I have tried different P3P policy values, as below, but am not able to fix it.

P3P: CP="CUR ADM DEV HIS TEL STA STP COM"
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"

Is there any way to make this work in Safari?

Synoverge

2 Answers

1

There is a solution posted by Vitaliy Ryepnoy on GitHub: https://github.com/vitr/safari-cookie-in-iframe

The gist: in the main window (example.com), you should detect whether the browser is Safari; if so, you redirect the user to iframe.com/fix_safari.html, where you set a cookie and redirect again to example.com.

Then Safari lets you set a cookie in the iframe, because there is already a cookie there from iframe.com.

Worked for me, after hours of frustration.

More details and a code example are on the GitHub page.

Yonatan
  • I'm having trouble with this currently, and it does not look like this works any more unfortunately. Do you know of a solution that could help for newer versions of Safari? My specific use case is hosting a Next.js app that is placed on partner websites inside of an iframe, and we use Auth0 to authenticate users. Auth0's cookies are causing the issue. – shmob Feb 02 '23 at 03:39
  • I didn't touch this area for a long time, so I'm not sure what the current state of Safari and iframe cookies is – Yonatan Jun 27 '23 at 08:19
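
The redirect flow described in the answer above, as an added sketch that is not code from the linked repository or from any poster here. The function names, the `safari_fix` cookie, the `return` parameter, the user-agent heuristic and the use of HTTPS are all assumptions. The return URL is checked against an allowlist so the fix page does not become an open redirect.

```javascript
// Added illustration; every name below is hypothetical.
// Origins of parent pages that are allowed as redirect-back targets.
const ALLOWED_PARENTS = new Set(["https://example.com"]);

// Heuristic UA check: Safari sends "Version/" and "Safari/"; Chromium-based
// browsers and iOS Chrome/Firefox/Edge also send "Safari/", so exclude them.
function isSafari(ua) {
  return /Version\//.test(ua) && /Safari\//.test(ua) &&
         !/(Chrome|Chromium|CriOS|FxiOS|EdgiOS|Edg)\//.test(ua);
}

// Parent page (example.com): URL to bounce through before showing the iframe,
// or null when no bounce is needed. `alreadyBounced` is a flag the parent
// keeps (for example in its own cookie) so the redirect happens only once.
function parentRedirect(ua, pageUrl, alreadyBounced) {
  if (!isSafari(ua) || alreadyBounced) return null;
  return "https://iframe.com/fix_safari.html?return=" + encodeURIComponent(pageUrl);
}

// iframe.com/fix_safari.html, written as a pure function of the request URL:
// set a cookie while iframe.com is the top-level site, then send the browser
// back to the parent page.
function handleFixRequest(requestUrl) {
  const ret = new URL(requestUrl).searchParams.get("return");
  let target;
  try {
    target = new URL(ret); // throws when missing or not an absolute URL
  } catch {
    return { status: 400, headers: {} };
  }
  // Compare the parsed origin, not a string prefix, so that a host such as
  // example.com.evil.test cannot pass as example.com.
  if (!ALLOWED_PARENTS.has(target.origin)) return { status: 400, headers: {} };
  return {
    status: 302,
    headers: {
      // SameSite=None is required for a cookie to be sent in a cross-site
      // iframe, and browsers only accept it together with Secure.
      "Set-Cookie": "safari_fix=1; Path=/; Secure; HttpOnly; SameSite=None",
      "Location": target.href,
    },
  };
}
```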
0

Actually, I suffered from the cross-domain cookie issue in the Safari web browser on Mac and iPhone devices. So I created a temp file on the client machine and saved all cookies for one domain in that temp file. Then, when I tried to read those cookies from a file on the other domain, I changed that file so that if the cookies are not set, it fetches the cookie data from the temp file and sets the cookies again for the second domain. It works successfully.