synoverge

Q: safari does not allowed cross-domain cookies in iframe

IE & Safari Browser blocks cross-domain cookies in an iframe.

e.g. I have two websites, let's say they're example.com and anotherexample.net.

On example.com, I have one page http://example.com/someform.asp and in this page i am using cookies. When I open http://example.com/someform.asp directly in browser, it is working fine.

On anotherexample.net, I have page http://anotherexample.net/page.asp, this page contains an IFRAME SRC="http://example.com/someform.asp". Now when we open http://anotherexample.net/page.asp page in browser, the cookies for example.com are not saved. In Firefox and chrome this problem doesn't appear.

I found that using p3p policy we can fix this, but after setting below p3p policy in IIS response header and its works for IE only.

P3P : CP="This is a P3P policy! See http://www.workplaceanswers.com/privacy-and-terms/" 

But, I am still getting the same error in safari. I have tried with different p3p policy values as below but not able to fix it.

P3P : CP="CUR ADM DEV HIS TEL STA STP COM” P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT” P3P:CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA” 

Is there any way to make this work in Safari?

Posted on Sep 22, 2015 4:03 AM