ansaurus

Question

Answer 1

A:

It isn't the missing type-attribute thats annoying you ?-)

<script type="text/javascript">
  var head = document.getElementsByTagName("head")[0];
  var script = document.createElement("script");
  script.setAttribute("type","text/javascript");
  script.src = "A.com/setCookie?cache=1231213123";
  head.appendChild(script);
</script>

roenving 2009-01-03 11:31:28

No, that has nothing to do with it.

Luca Matteis 2009-01-03 16:15:34

I fail to see how this helps at all.

Evan Fosmark 2009-01-28 05:34:05

the default type is 'text/javascript' so no

geowa4 2009-01-31 19:27:14

Answer 2

+6 A:

From the Safari Developer FAQ:

Safari ships with a conservative cookie policy which limits cookie writes to only the pages chosen ("navigated to") by the user. This default conservative policy may confuse frame based sites that attempt to write cookies and fail.

I have found no way to get around this.

If it's worth anything, Chrome doesn't set the cookies either if you use the <script> appending method, but if you have a hidden <img> with the same source, Chrome works in addition to the rest of the browsers (except, again, Safari)

Paolo Bergantino 2009-01-28 05:29:29

Any idea how evernote.com does this? They use an Iframe for their bookmarklet thingy, which is able to set the cookies, somehow.

Luca Matteis 2009-01-28 05:31:55

Are you sure evernote does it, and not that you have changed your default Safari settings?

Paolo Bergantino 2009-01-28 05:33:51

Well I've dug into this issue plenty of times before and maybe they're giving the illusion it works but I'm 99.9% that Safari will not set the cookies unless that security setting is changed.

Paolo Bergantino 2009-01-28 05:41:01

I'll keep looking into it though I can't drop these kind of things. :)

Paolo Bergantino 2009-01-28 05:42:12

How can it give you the illusion of working if it works...

Luca Matteis 2009-01-28 05:44:54

If I knew I'd tell you... the point is it might seem like its working but they're obviously doing something else behind the scenes. You can't set a third party cookie on Safari with default settings. It's that simple.

Paolo Bergantino 2009-01-28 05:46:52

Same on ie6 with default settings, but there's ways of getting around that.

Luca Matteis 2009-01-28 05:57:13

Also I just tested on Chrome and the script tag approach works fine (no need to use the img).

Luca Matteis 2009-01-29 00:35:14

Really? It didn't work for me...

Paolo Bergantino 2009-01-29 14:53:37

Why was this Voted up! its not answering my question.

Luca Matteis 2009-02-02 16:40:12

It was voted up because it's the correct answer, you can't do what you're requesting in Safari without doing a full-page redirect to the third-party domain.

Matty F 2010-06-18 08:57:43

Answer 3

A:

Perhaps pragmatically create and click a link with an href="A.com/setCookie?cache=1231213123" and a target attribute pointing to a hidden iframe. That may bypass Safari's policy of user navigation for setting cookies (I don't have Safari handy to test.)

Zach 2009-01-28 05:50:09

The page would still be loaded in the iframe, making it undelivarable with Safari.

Luca Matteis 2009-01-29 04:05:13

by "undelivarable" do you mean Safari will still not treat it as user navigation?

Zach 2009-01-29 18:08:42

Answer 4

A:

Try something like:

var w = window.open("A.com/setCookie?cache=1231213123");
w.close();

It may bypass safari's security policy.

John C 2009-02-02 16:16:03

Answer 5

A:

I did some extensive investigation around this when I was trying to deploy a site that used Windows Live ID, which depended on the ability to be able to set 3rd party cookies in order to log out. It just... didn't work. Nothing we could do would get it to work. The Live ID team also did extensive investigation and their answer was "can't make it work".

Brad Wilson 2009-02-04 05:55:47

There must be a hackish way to do this, like I said, evernote is able to do this.

Luca Matteis 2009-02-04 06:01:54

Answer 6

+2 A:

There is a bit of an evil trick assuming they have flash installed.

I'm not sure if it still works or not, but Flash'es "Local Shared Objects" aka Flash Cookies could help you circumnavigate Safari's same-domain policies.

Local Shared Object Tutorial

However, it may be complicated to implement, to say the least.

Wiki Article on LSO's

Additonally, LSO's are comming into the light as being a security nightmare:

So think carefully before using them.

Kent Fredric 2009-02-04 13:09:14

Hey Kent, yeah this is the solution I think, use a flash object... I wish I could give the correct answer to you, but it's stuck :(

Luca Matteis 2009-02-21 15:42:00

/me doesn't mind much

Kent Fredric 2009-02-21 23:41:10

Answer 7

+1 A:

A workaround we just came up with at my job was to set the cookie via a window.open() - it may not be optimal for you (as you'll have an ugly ass popup window open), but it worked well for us. We had to have a popup window open anyway for OAuth authentication.

So the jist of what we did was:

User clicks a link from B.com
Popup window opens to A.com/setCookie
A.com sets its cookie, and then redirects to B.com in the proper place

Again, not valid in all solutions, but it worked in ours. Hope this helps.

2009-05-08 19:53:24

Answer 8

A:

I've contacted evernote to ask if any of their developers might care to explain how they do it. Hope they'll react.

Jim Soho 2009-06-04 02:31:17

Answer 9

A:

Note this line:

script.src = "A.com/setCookie?cache=1231213123";

I could not get this working until I added the http, i.e.

script.src = "http://A.com/setCookie?cache=1231213123";

2009-07-28 01:24:11

Answer 10

+2 A:

Here is a solution which works:

http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/

Alec Smart 2010-02-18 12:30:19

Yes, this does really work.

jb 2010-03-08 01:34:26

Answer 11

A:

I know this question is rather old, but this helped me to solve cookies problem:

var cookieForm = document.createElement("form");
cookieForm.action = "A.com/setCookie?cache=1231213123";
cookieForm.method = "post";
document.body.appendChild(cookieForm);

cookieForm.submit();

The idea to make a form post on a page that sets your cookies.

ADOConnection 2010-07-27 08:57:45

Answer 12

A:

A post to a hidden <iframe> can allow you to by-pass this restriction in Safari -- http://gist.github.com/586182:

<?php
  header('P3P: CP=HONK');
  setcookie('test_cookie', '1', 0, '/');
?>
<div id="test_cookie" style="position: absolute; top: -10000px"></div>
<script>
  window.setTimeout(function() {
    if (document.cookie.indexOf('test_cookie=1') < 0) {
      var      
        name = 'test_cookie',
        div = document.getElementById(name),
        iframe = document.createElement('iframe'),
        form = document.createElement('form');

      iframe.name = name;
      iframe.src = 'javascript:false';
      div.appendChild(iframe);

      form.action = location.toString();
      form.method = 'POST';
      form.target = name;
      div.appendChild(form);

      form.submit();
    }
  }, 10);
</script>

daaku 2010-10-01 07:51:38

Answer 13

A:

try to remove all cookies and go to file histortys,and select all and remove it then restart fo6ball

fo6ball 2010-10-01 07:59:20

ansaurus

tags:

views:

answers:

Setting cross-domain cookies in Safari

related questions