IFrame with safari no longer support 3rd party cookies
Question
I'm trying to access cross site url though IFrame and xyz.com is loading inside IFrame.
in xyz.com we have used asp.net membership module and we are using SetAuthCookie.
FormsAuthentication.SetAuthCookie(userName, false);
previously we were able to access these auth cookies in safari by using following logic by accessing top frame href by referrer.
<script>
window.onload = function () {
if (navigator.userAgent.indexOf('Safari') != -1 && (navigator.userAgent.indexOf('iPhone') != -1 || navigator.userAgent.indexOf('iPad') != -1)) {
var cookies = document.cookie;
if (top.location != document.location) {
if (!cookies) {
href = document.location.href;
href = (href.indexOf('?') == -1) ? href + '?' : href + '&';
top.location.href = href + 'reref=' + encodeURIComponent(document.referrer);
}
} else {
ts = new Date().getTime(); document.cookie = 'ts=' + ts;
rerefidx = document.location.href.indexOf('reref=');
if (rerefidx != -1) {
href = decodeURIComponent(document.location.href.substr(rerefidx + 6));
window.location.replace(href);
}
}
var redirectValue = document.getElementById('hgvRedirectValueHiddenField').value;
if (redirectValue != "") {
window.open(redirectValue, '_self');
}
}
}
</script>
But with the latest updates safary not allows to set
top.location.href = href + 'reref=' + encodeURIComponent(document.referrer);
and auth cookie seems no longer allows and getting following error
The frame attempting navigation of the top-level window is cross-origin or untrusted and the user has never interacted with the frame.
What will be the work around for this problem as I don't have access to ABC.com and cookieless forms authentication seems huge change for us.
Is that possible to ask users to accept cookies from inside Iframe page and set cookies?
1 answers
solution1
0 ACCPTED 2021-05-19 07:06:47
As solution we have done some changes to web. config
<sessionState timeout="70" cookieless="AutoDetect" />
The possible values for "cookieless" attribute are:
AutoDetect : Session uses background cookie if cookies are enabled. If cookies are disabled, then the URL is used to store session information.
UseCookie : Session always use background cookie. This is default.
UseDeviceProfile : Session uses background cookie if browser supports cookies else URL is used.
UseUri : Session always use URL.
And added:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" cookieless="AutoDetect" timeout="2880" name=".ASPXAUTH" slidingExpiration="true" />
</authentication>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.