#1
  1. Mad Scientist

    Safari, Cookies, CORS and Frustration


    I have a site I am developing for a client. One page of this site shows an iframe to a survey (we control the survey and have our own survey hosting offering). So I have complete control over both sites.

    The survey (the iframed page) uses sessions, set in cookies.

    Safari does not let iframed pages set cookies unless you have previously visited the domain in a non-framed page in your current browsing session.

    Until I found a workaround, I set both sites to serve the following header:

    Code:
    Access-Control-Allow-Origin: *

    I then found a workaround on Stack Overflow suggesting that the Safari 'bug' can be circumvented by using JavaScript to post to a hidden iframe targeting the to-be-iframed domain, which sets a P3P header (below) and then, after a delay, loads the intended page in the main iframe.

    Code:
    P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

    This appeared to work, but perhaps my testing wasn't thorough enough as it now certainly does not work.

    I can see the requests being made in the Safari console and the headers set....but the cookie does not persist so the app is broken when iframed.

    More research today shows me that this workaround was from an old thread and that the workaround has now ceased to work.

    Does anyone here have any other ideas on how to get this working?

    Worst-case scenario: I sniff out the user agent and just present a link to the survey to Safari users (maybe open in a new window too).
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>
  2. #2
  3. Contributing User
    Just a thought, but perhaps horrible item. Maybe temp to start. Perhaps just make the link that sends the user to the page hold more of a JavaScript redirect or such which simply tests: IF browser == safari THEN send them directly to survey page. That page then notices the user was sent here in such case, makes note they were now at the survey site w/o a frame, then redirects them to the intended page holding the iframe? At most a Safari user merely sees/hears a quick flash of the redirect.
    He who knows not and knows not he knows not: he is a fool - shun him. He who knows not and knows he knows not: he is simple - teach him. He who knows and knows not he knows: he is asleep - wake him. He who knows and knows he knows: he is wise - follow him
  4. #3
  5. Mad Scientist
    Originally Posted by Triple_Nothing
    Just a thought, but perhaps horrible item. Maybe temp to start. Perhaps just make the link that sends the user to the page hold more of a JavaScript redirect or such which simply tests: IF browser == safari THEN send them directly to survey page. That page then notices the user was sent here in such case, makes note they were now at the survey site w/o a frame, then redirects them to the intended page holding the iframe? At most a Safari user merely sees/hears a quick flash of the redirect.
    I like your logic....if I can get it all done with HTTP headers then it should be nice and quick.
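The top-level "bounce" suggested in post #2 and picked up in #3, done with HTTP headers only, as an added example that is not code from the thread. It assumes Safari behaves as described in post #1 (a framed page may set cookies once its domain has been visited unframed); the origin `https://client.example`, the `return` parameter and the cookie name are placeholders.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Placeholder values (assumptions, not from the thread).
ALLOWED_RETURN_ORIGINS = {"https://client.example"}  # sites allowed to frame the survey
DEFAULT_RETURN = "https://client.example/survey"
SESSION_COOKIE = "survey_session"


def safe_return_url(raw):
    """Return raw only if it is an absolute URL on an allow-listed origin.

    A bounce endpoint that redirects to any caller-supplied URL is an open
    redirect, so everything else falls back to DEFAULT_RETURN.
    """
    if not raw or any(ord(c) <= 0x20 for c in raw):  # whitespace / CR-LF injection
        return DEFAULT_RETURN
    parts = urlsplit(raw)
    # Exact match on scheme://netloc also rejects userinfo tricks such as
    # https://client.example@other.example/ and look-alike subdomains.
    if f"{parts.scheme}://{parts.netloc}" in ALLOWED_RETURN_ORIGINS:
        return raw
    return DEFAULT_RETURN


def bounce(query_string, cookie_header=""):
    """Handle the unframed request on the survey site.

    Starts the session in a first-party context, then sends the browser back
    to the page that holds the iframe. Returns (status, header list).
    """
    target = safe_return_url(parse_qs(query_string).get("return", [""])[0])
    headers = [("Location", target), ("Cache-Control", "no-store")]
    if SESSION_COOKIE not in SimpleCookie(cookie_header):  # keep an existing session
        jar = SimpleCookie()
        jar[SESSION_COOKIE] = secrets.token_urlsafe(32)
        # SameSite=None plus Secure is what current browsers require before a
        # cookie is sent on requests made from a cross-site iframe.
        jar[SESSION_COOKIE].update(
            {"path": "/", "secure": True, "httponly": True, "samesite": "None"}
        )
        headers.append(("Set-Cookie", jar[SESSION_COOKIE].OutputString()))
    return 302, headers
```

The client site links to the survey site's bounce URL with `return` set to the page that contains the iframe, so the visitor sees only the redirect flash described in post #2.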