Cross Domain localstorage does not work in Safari #37

Closed
rahiparikh opened this issue Nov 8, 2017 · 6 comments

@rahiparikh

I was going through an article written by Daniel Brain on Medium.com that explains how to use POST-ROBOT to perform cross-domain localstorage. The code works for all browsers except Safari.

See attached file for sample code. (Change extension from LOG to HTML).

receiver.log
sender.log

@bluepnume
Collaborator

Hi! Yeah I wrote that article -- what specifically didn't work?

@rahiparikh
Author

@bluepnume If you try the test files in Safari, you would notice that localstorage is being set within the frame. However, localstorage available to the frame is sandboxed and the values stored via iFrame are not exposed to any other page loaded from the domain of the iFrame.

Reproduction Steps:

  1. Download the attached files and rename them to have .html extension.
  2. Create a loopback interface for 127.0.0.2.
  3. Edit hosts file and point 127.0.0.1 to domain1.example.com and 127.0.0.2 to domain2.example.com.
  4. Start two HTTP Servers/Listeners (using Python or something) to listen on both loopback addresses on port 3030 and move the downloaded files to webroot.
  5. Navigate to http://domain1.example.com:3030/sender.html in Safari.
  6. Observe the value of localstorage in Safari. You should notice a value being set.
  7. Navigate to http://domain2.example.com:3030/receiver.html in Safari.
  8. Observe the value of localstorage in Safari. You should not see the value that you saw in step 6.

@bluepnume
Collaborator

Yeah, you seem to be right. I actually got your demo working, but I had to select "Always allow" in Safari's cookie and website data policy:

[screenshot: screen shot 2017-11-08 at 7 58 39 pm]

I guess my advice would be to try to keep the store in the parent window, if possible, so it's always in a first-party context.
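
The suggestion above, keeping the store in the parent window, sketched as an added example that is not part of the thread and not post-robot's own code: the parent page owns `localStorage` and answers get/set requests from an embedded frame over plain `window.postMessage`, checking the sender's origin and the requested key first. The origin `https://widget.example.com`, the key `sharedValue`, the message shape and the function names are all assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not post-robot's API.
// Constructed allowlist: origins of embedded frames allowed to use the store.
const ALLOWED_ORIGINS = new Set(['https://widget.example.com']);
// Constructed allowlist: the only keys a frame may read or write.
const ALLOWED_KEYS = new Set(['sharedValue']);

// Pure handler: given a message event and a Storage-like object, returns the
// reply to post back, or null when the message must be ignored.
function handleStorageRequest(event, storage) {
  // Unknown senders get no reply at all.
  if (!ALLOWED_ORIGINS.has(event.origin)) return null;
  const msg = event.data;
  if (!msg || typeof msg !== 'object' || typeof msg.id !== 'number') return null;
  if (typeof msg.key !== 'string' || !ALLOWED_KEYS.has(msg.key)) {
    return { id: msg.id, ok: false, error: 'key not allowed' };
  }
  if (msg.op === 'get') {
    return { id: msg.id, ok: true, value: storage.getItem(msg.key) };
  }
  if (msg.op === 'set' && typeof msg.value === 'string') {
    storage.setItem(msg.key, msg.value);
    return { id: msg.id, ok: true };
  }
  return { id: msg.id, ok: false, error: 'bad request' };
}

// Browser wiring (skipped outside a page): the parent, a first-party context,
// is the only side that touches localStorage.
if (typeof window !== 'undefined') {
  window.addEventListener('message', (event) => {
    const reply = handleStorageRequest(event, window.localStorage);
    // Reply only to the origin that asked, never '*'.
    if (reply && event.source) event.source.postMessage(reply, event.origin);
  });
}

// Minimal in-memory stand-in for Storage, so the handler runs outside a browser.
function makeMemoryStorage() {
  const items = new Map();
  return {
    getItem: (key) => (items.has(key) ? items.get(key) : null),
    setItem: (key, value) => { items.set(key, String(value)); },
  };
}
```

Values stored this way live under the parent page's origin, so they are visible only to pages of that origin.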

@JamieSellars

@rahiparikh @bluepnume

Did you have any luck getting this to work?

@rahiparikh
Author

rahiparikh commented Feb 15, 2018 via email

@andrebautista

andrebautista commented Apr 17, 2018

I was hoping this library would solve my current issues around cross domain cookie/local storage tracking, however it looks like Safari will continue to haunt me. Expecting users to check "always allow" in the settings isn't exactly something you can rely on. The default Safari setting, "Allow from websites I visit", means that you'd first have to visit your iframe'd URL in order to have cookies/local storage accessible from the parent website. Google, Facebook, and the other big hitters are able to accomplish this because most of us regularly visit their websites so their cookies can follow us wherever we go.
