发表新帖
发表新帖

Safari 13+ iframe blocks CORS cookies

前端 未结
关注
2 1756
予麋鹿
予麋鹿 2021-02-19 00:03

Safari flat out doesn\'t let you set cookies in iframes of domains different than the parent domain, server-side CORS headers be damned.

To clarify: user

相关标签:
2条回答
  • 执念已碎
    2021-02-19 00:44

    So, the workaround still kinda works, as long as the new window is storing the cookie that you want to store. The iframe still can't store it's own cookies. In my case, all I needed was the session id cookie. So, I open a small popup window when the user grants storage access. It gets and stores the session id cookie, closes, and reloads the iframe. The iframe then has access to the session id cookie and sends it in subsequent requests. I think this is just temporary though, it looks like they're going to remove storage access from popup windows sometime in the future. Maybe they'll fix the iframe not being able to store cookies by then.

    0 讨论(0)
  • 暖寄归人
    2021-02-19 00:45

    I think I might have found the solution: Apple's Storage Access API: https://webkit.org/blog/8124/introducing-storage-access-api/

    0 讨论(0)
 看不清?
提交回复
热议问题