October 30th, 2013, 06:19 AM
Safari, Cookies, CORS and Frustration
I have a site I am developing for a client. One page of this site shows an iframe to a survey (we control the survey and have our own survey hosting offering). So I have complete control over both sites.
The survey (the iframed page) uses sessions, set in cookies
Safari does not let iframed pages set cookies unless you have previously visited the domain in a non-framed page in your current browsing session.
Until I found a workaround, I set both sites to serve the following header:
This appeared to work, but perhaps my testing wasn't though enough as it now certainly does not work.
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
I can see the requests being made in the safari console and the headers set....but the cookie does not persist so the app is broken when iframed.
More research today shows me that this work around was from an old thread that the work around has now ceased to work.
Does anyone here have any other ideas on how to get this working.
Worse case scenario: I sniff out the user agent and just present a link to the survey to safari users (maybe open in a new window to)
October 30th, 2013, 10:14 AM
He who knows not and knows not he knows not: he is a fool - shun him. He who knows not and knows he knows not: he is simple - teach him. He who knows and knows not he knows: he is asleep - wake him. He who knows and knows he knows: he is wise - follow him
October 30th, 2013, 10:25 AM
I like your logic....if I can get it all done with http headers then it should be nice and quick
Originally Posted by Triple_Nothing