3

Is it possible to detect if a cookie from a specific external domain is allowed by the browser to be read by the visitor of my site? This domain, which I don't control, is displayed in an iframe, however it won't work unless it has access to its cookie.

When third-party cookies are enabled or the site is added to Allow section in the settings, it works okay. I would like to display a user friendly error message when this is not the case.

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Money_Badger
  • 537
  • 1
  • 5
  • 24
  • Here seems to be the answer https://stackoverflow.com/questions/3550790/check-if-third-party-cookies-are-enabled – alotropico Aug 07 '20 at 09:43
  • @alotropico unfortunately, the answers in this thread apply to a situation when you control the third party domain and can use it to set up a verification cookie. – Money_Badger Aug 09 '20 at 01:09

2 Answers2

0

A better approach would be to send the cookie content to the iframe using the poatMessageAPI.

That way you are not requiring the user to reconfigure their browser to be less secure

David Bradshaw
  • 11,859
  • 3
  • 41
  • 70
  • Could you share a snippet of code which could accomplish this please? How could I get a content of this cookie if it's from a third party domain? Also, I though that postMessage only works from iframe -> parent window – Money_Badger Aug 08 '20 at 08:53
0

One can access the browser's cookies with document.cookie and an iframe's document with iframe.contentDocument (where iframe is a reference DOM node).

With that one should be able to check (just after iframe had loaded) if a cookie exists:

iframe.contentDocument.addEventListener("DOMContentLoaded", () => {
  if (iframe.contentDocument.cookie.split(';').find((item) => item.includes('cookie='))) {
    console.log("Cookie exists");
  }
}
Isaak Eriksson
  • 633
  • 1
  • 7
  • 16