3

I am using a web app that is running under origin A. To that website, I add an iframe that runs under origin B. Inside that iframe, I would like to embed an image from origin A that requires an authentication cookie to load. I have control over the web app running in the iframe under origin B, but I do not have control over origin A (other than being able to add an iframe to it).

If I disable third-party cookies in Chrome, the authentication cookie is not sent when loading the image, so the image does not load. It seems that Chrome is considering the authentication cookie a third-party cookie, even though it is a first-party cookie that is used by a third-party iframe.

The internet says that Safari is blocking all third-party cookies. However, when I open the page in Safari, the image loads successfully.

Why is this the case? Does Safari not consider the cookie third-party? Or does Safari in fact not block all third-party cookies? Where can I find more information about this?

cdauth
  • 6,171
  • 3
  • 41
  • 49
  • I am having a similar issue, were you able to find a solution/work around? – reedb89 May 17 '21 at 19:33
  • Unfortunately not, I haven't been able to find any sophisticated description of the different browsers’ behaviour so far. – cdauth May 18 '21 at 21:40

1 Answers1

-1

Apple categorizes cookies into three categories. The official documentation of "Apple's use of cookies"

Also, here is a website which gives details about "third-party cookie blocking on Safari 13.1"

Phani
  • 92
  • 7
  • Unfortunately, this doesn't answer the question at all. The first link is about the usage of cookies on apple.com and has nothing to do with Safari. The second one is the same one that I have posted in my question and doesn't give any details that I'm looking for. – cdauth Apr 20 '21 at 10:31