MobileSafari won't send back Cookies set with CORS

臣服心动 2021-02-08 04:57

I have a page loading up in MobileSafari which communicates with another server via CORS.

In desktop browsers (tested Chrome and Safari), I am able to log in, get a sess

5 answers
  • 2021-02-08 05:39

    I was running into the same problem.

    My setup was:

    • AngularJS (Ionic) App on Server A with domain a.com
    • NodeJS with Passport JS as Backend on Server B with domain b.com

    The login with the cookie went well on every browser, except Mobile Safari on iOS. Also, changing the mobile cookie (Do not track) settings in iOS did not have any impact on the issue.

    Solution was to set a CNAME DNS Record

    backend.a.com CNAME b.com

  • 2021-02-08 05:52

    I believe you are experiencing what I have been seeing in my app. My issue was caused because iOS Safari comes with a default option "Prevent Cross-Site Tracking" enabled by default that is causing the browser to block ALL third party cookies, even cookies that are issued by your back-end server from a different domain and CORS is configured correctly.

    The only solution to this problem I found was to use a proxy in production like I did in dev. I accomplished this in Azure with Azure Functions and making all requests go through a proxy. At that point iOS Safari did not block my cookies and everything was set as expected.

    I wrote about it in my blog https://medium.com/@omikolaj1/complete-guide-to-deploying-angular-and-asp-net-33a0976d0ec1

  • 2021-02-08 05:54

    I don't know if this solution will work or is acceptable to you but I had the same problem with mobile Safari and a JSONP app. It seemed that Safari was not set to accept third party cookies. I went to Settings > Safari > Accept Cookies and set 'Always' and the problem evaporated. Good luck.

    Can I set cookies in a response from a jsonp request?

  • 2021-02-08 05:58

    Open an address that sets the cookie via an iFrame - this will set the cookie.

  • 2021-02-08 05:59

    You didn't mention whether the remote server is under a different domain or just a different subdomain. I assume it is under a different domain.

    As @schellsan pointed out you can't set/write cookies to a different domain even if the CORS policy allows it due to the 3rd party cookies restriction on Safari. It's the latest Safari restriction. I guess Firefox is about to do the same.

    Workarounds I'm currently evaluating:

    • Use a redirect on the remote server so that when the client is redirected (the remote URL is in the browser bar) you can set the cookie
    • Use a custom header
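
Why the CNAME and proxy answers above get the cookie accepted, as an added example that is not part of any answer in this thread: it classifies each setup by origin and by site, using the a.com / b.com hostnames from the first answer. The function names are hypothetical, and the two-label registrable-domain shortcut is an assumption (browsers use the Public Suffix List).

```javascript
// Added example, not code from the thread. Hostnames are the ones used in the answers.
// Assumption: the registrable domain is the last two labels. Real browsers use the
// Public Suffix List, so this shortcut is wrong for suffixes such as co.uk.
function registrableDomain(hostname) {
  return hostname.toLowerCase().split('.').slice(-2).join('.');
}

// Classify how a browser sees a cookie set by apiUrl while the page is pageUrl.
function classifyCookieContext(pageUrl, apiUrl) {
  const page = new URL(pageUrl);
  const api = new URL(apiUrl);
  const sameOrigin = page.origin === api.origin;
  const sameSite =
    registrableDomain(page.hostname) === registrableDomain(api.hostname);
  return {
    sameOrigin,
    sameSite,
    // A cross-site cookie is third-party; "Prevent Cross-Site Tracking" blocks it.
    thirdPartyCookie: !sameSite,
    // CORS headers are still required whenever the origins differ, even on one site.
    needsCors: !sameOrigin,
  };
}

// Response headers the backend needs so a credentialed CORS request is accepted.
function corsHeadersFor(pageUrl, apiUrl) {
  if (!classifyCookieContext(pageUrl, apiUrl).needsCors) return {};
  return {
    // Must be the exact origin: "*" is rejected when credentials are included.
    'Access-Control-Allow-Origin': new URL(pageUrl).origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Constructed cases: original setup, CNAME workaround, reverse-proxy workaround.
const cases = [
  ['https://a.com/', 'https://b.com/login'],
  ['https://a.com/', 'https://backend.a.com/login'],
  ['https://a.com/', 'https://a.com/api/login'],
];
for (const [page, api] of cases) {
  console.log(api, classifyCookieContext(page, api));
}
```

With the CNAME the request is still cross-origin, so the client must keep sending credentials (`withCredentials` or `credentials: 'include'`) and the backend must keep the headers above; with the proxy neither is needed.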