Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.4k views
in Technique[技术] by (71.8m points)

angular - Is there a workaround for Safari iOS "Prevent Cross Site Tracking" option, when issuing cookies from API on different domain?

Is there any workarounds that allows me to keep the "Prevent Cross Site Trackng" option enabled (as it is by default, so every user will have it on), and issue CORS cookies from my back-end api that is on a different domain than my angular app?

My application flow is as follow: 1. User Logs in 2. The server authenticates, issues a JWT and stores the JWT inside of an HttpOnly cookie 3. All angular requests have the {withCredentials: true}

This works perfectly fine on....windows desktop browsers. However when I try to login on Safari iOS, and mac Safari the cookie is not saved nor is it sent with subsequent requests.

I found that disabling "Prevent Cross Site Tracking" option works, but I cannot expect all of my users to disabled this option to use the my app.

Are there any workarounds for this right now?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I'd suggest puting both your website and the api on the same domain, e.g. https://web.mydomain.com and https://api.mydomain.com. This shouldn't be too difficult to implement - I haven't found any simple technical solutions online yet that will force Safari on iOS to allow this without changing the settings.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...