发表新帖
发表新帖

How do I set cookies from outside domains inside iframes in Safari?

前端 未结
关注
5 1633
梦毁少年i
梦毁少年i 2020-12-08 10:55

From the Apple developer faq

Safari ships with a conservative cookie policy which limits cookie writes to only the pages chosen (\"navigated to\

相关标签:
5条回答
  • 渐次进展
    2020-12-08 11:10

    This is an issue known as Same Origin Policy. Essentially it is a security measure against creating security loopholes.

    When you have an iframe that points to a page on your own domain, JavaScript can access both the page you're on and the page within the Iframe. This is an acceptable parent to child and child to parent relationship.

     (parent doc)        (iframe doc)
    HTML --> IFRAME <-- HTML 
      ^--------|---------^

    However, once you have a file pointing to an external page, SOP comes into play and haults any information passing between the parent page and the iframe page.

     (parent doc)        (iframe doc)
    HTML --> IFRAME <-- HTML 
               X

    Check out this post about iframe communication, it makes a lot of sense! Stackoverflow post

    These links really help too!

    1) Secure Cross-Domain Communication in the Browser
    2) wiki SOP or Same Origin Policy

    Good luck!

    0 讨论(0)
  • 自闭症患者
    2020-12-08 11:15

    This page suggests that you place some javascript in your pages which detects the absence of an always-there cookie. When it finds that the cookie has not been set, it posts the required session data to a page which sets the cookie, and redirects you back to the originating page.

    Apparently the POST is enough to satisfy Safari's 'have I navigated to this domain' test, so from then on it accepts cookies from that domain.

    Of course, it's not the nicest of code, but may well solve your problem.

    0 讨论(0)
  • 醉梦人生
    2020-12-08 11:16

    One solution (a bit messy) might be to have the parent page check for the presence of the cookie and if the cookie is not present run an AJAX call to a script on the iframe page's domain which sets the cookie.

    0 讨论(0)
  • 眼角桃花
    2020-12-08 11:20

    localStorage, supported by safari and all modern browsers, permits read/write operations even on pages loaded into iframes. if you don't mind dropping support for ie6 and ie7, try using localStorage instead of cookies in your framed site. i know your question specifically says you don't have access to code on the framed site, but for those who do, localStorage definitely solves the "no cookies in a safari iframe" problem.

    0 讨论(0)
  • 刺人心
    2020-12-08 11:27

    This is a common issue with facebook apps displayed in Safari. The way many (including myself) have dealt with this is to have the iframed page POST to itself. When a page has posted form data, it is then allowed to set cookies. In the end, it works with a 1 page refresh, which could even be your user login POST.

    0 讨论(0)
 看不清?
提交回复
热议问题