Safari 13+ iframe blocks CORS cookies

前端 未结 2 1757
予麋鹿
予麋鹿 2021-02-19 00:03

Safari flat out doesn\'t let you set cookies in iframes of domains different than the parent domain, server-side CORS headers be damned.

To clarify: user

2条回答
  •  执念已碎
    2021-02-19 00:44

    So, the workaround still kinda works, as long as the new window is storing the cookie that you want to store. The iframe still can't store it's own cookies. In my case, all I needed was the session id cookie. So, I open a small popup window when the user grants storage access. It gets and stores the session id cookie, closes, and reloads the iframe. The iframe then has access to the session id cookie and sends it in subsequent requests. I think this is just temporary though, it looks like they're going to remove storage access from popup windows sometime in the future. Maybe they'll fix the iframe not being able to store cookies by then.

提交回复
热议问题