[Webkit-unassigned] [Bug 217670] New: Safari blocking third party iframe cookies
bugzilla-daemon at webkit.org
Tue Oct 13 14:31:25 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=217670
Bug ID: 217670
Summary: Safari blocking third party iframe cookies
Product: WebKit
Version: Safari 13
Hardware: All
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Frames
Assignee: webkit-unassigned at lists.webkit.org
Reporter: amol at cedar.com
We are running into a pretty unique issue regarding Safari blocking our third party cookies from an iframe. Here is our situation:
A user is authenticated into an application example.com and clicks on a tab. The tab renders a page that contains an iframe which is pointed to SiteA.com's launch URL to start an OAuth 2.0 SSO handshake. After successfully authenticating the user, SiteA.com will redirect the user to its home page. SiteA.com will set all cookies with SameSite set to None and Secure to True. As of now, Safari rejects the cookies so SiteA.com cannot load on example.com in an iframe. We were hoping to use the Storage Access API but it requires the user to interact with the embedded app or SiteA.com first. However, this isn't possible in this use case because SiteA.com is not shown to the user until after they have been authenticated. Is there a workaround for this use case?
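The Storage Access API constraint the report describes, as an added example that is not part of the original bug report or of WebKit's code: script for the embedded frame that checks `document.hasStorageAccess()` and calls `document.requestStorageAccess()` only from a click handler, since the request must come from a user gesture inside the frame. The function name `ensureCookieAccess`, the `doc` parameter and the `button` element are assumptions made for illustration.

```javascript
// Added example. `doc` is the embedded frame's document, passed in so the
// logic can also be exercised outside a browser. `button` is a hypothetical,
// initially hidden element inside the frame used to collect the user gesture.
async function ensureCookieAccess(doc, button) {
  // Browsers without the Storage Access API expose neither method.
  if (typeof doc.hasStorageAccess !== "function" ||
      typeof doc.requestStorageAccess !== "function") {
    return "unsupported";
  }

  // Access may already have been granted to this frame.
  if (await doc.hasStorageAccess()) {
    return "granted";
  }

  // No access yet: the request has to be made from a user gesture in the
  // frame, so the frame must be visible and offer something to click.
  // This is the step the reported flow cannot reach, because the frame is
  // not shown to the user until after authentication.
  return new Promise((resolve) => {
    button.hidden = false;
    button.addEventListener("click", async () => {
      try {
        await doc.requestStorageAccess();
        resolve("granted");   // cookies are now sent with the frame's requests
      } catch {
        resolve("denied");    // user or browser refused the request
      }
    }, { once: true });
  });
}

// Browser wiring (assumed element id):
//   ensureCookieAccess(document, document.getElementById("continue"))
//     .then((state) => { if (state === "granted") location.reload(); });
```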