Hi there, We have a web application with URL testA.com that uses IFrame and src into a different domain URL testB.com Page B. The Page B Content-Security-Policy uses frame-ancestors to allow Page A to IFrame into Page B. Also, Page B is not using cookies. This setup works on other devices and their browsers, like Android and Windows with Chrome, Firefox, Edge, but does not work on iOS 13+ on any browser. The only way to have this work on iOS is to switch off the Prevent Cross-Site Tracking option. We found that this stopped working coinciding with the WebKit updates https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/ Just wondering, is there anything else that we missed to get this working on iOS? Thanks, Kiet Tran
Search results for
ASWebAuthenticationSession cookie
1,295 results found
Hi all. I am a software developer and while developing one of the products (it is a plugin for Outlook & Outreach) I encountered such a problem. Safari disables cookies when sending data from a child window to a parent window that is inside an iframe when using window.opener.postMessage. My plugin (React app) works inside iFrame and in order to implement SSO login and not get a block from Azure, I had to create a separate window with SSO login, where the login procedure takes place. After that, the window is closed, and the data required for login, including cookies, is sent to the parent window. The parent window is in an iFrame. For this operation I use window.open - to open a child window and window.opener.postMessage - to send data from a child window to a parent window. parent const SSOWindowOpen = () => { const left = (screen.width - 465 ) / 2 const top = (screen.height - 650 ) / 4 const SSOWindow = window.open('/app/static/integrations/ssoWindow', 'SSOWindow', 'resizable=yes, w
@fpappledeveloper - I was able to resolve the issue and you are correct. When you open the web inspector it immediately resets logins (cookies?). I resolved the issue. Here's what I tried, sorry I didn't pin down exactly what fixed it:
- Resetting all experiments: Develop -> Experimental Features -> Reset all to defaults
- Re-enabling Safari -> Preferences -> Privacy -> enable Prevent cross site tracking + enable Allow privacy-preserving measurements of ad effectiveness (I suspect this is the issue but not sure)
- Disabling all content blockers on various websites (I don't think this does anything)
- Disabling Syncing Platform Authenticator
- Updating macOS from 12.4 to 12.5
Topic: App & System Services
SubTopic: Core OS
I have been encountering this issue on Chrome on developer.apple.com and discussions.apple.com for at least a year. True to form, opening up the Developer Tools > Network, the request header was sending a massive amount of cookie data. I cleared only cookies from *.apple.com and was able to access the website again. Only apple.com can set and receive apple.com cookies, right?
Topic: Developer Tools & Services
SubTopic: Developer Forums
The issue appears to be resolved. The following may just be a coincidence, but I'll describe what I did before it started working. I have two developer accounts on my employer's team account. One account for my company email and one for my personal email Apple ID. Again, might just be a coincidence, but I tried signing out of my company email account and signing into App Store Connect->TestFlight with my personal Apple ID. At which point, I had access to update the test information and add external testers! I then signed out of my personal account and signed back into App Store Connect with my default company email account. And I had access to update the test info and add external tester groups as well. Before I tried all this signing in-out stuff, I had already confirmed this morning that I was still seeing the issue. Either Apple fixed this issue later today or [cue magical thinking now:] I was hitting some sort of caching/cookies conflict or something? So if you're still seeing this issue and
Topic: App Store Distribution & Marketing
SubTopic: App Store Connect
This is broken for wildcard cookie injection. Definitely an issue with iOS 16 and I see no release notes or documentation that covers it. Specifically injecting a cookie on a site such as sub.example.com with the domain .example.com used to work but no longer does and this contradicts the Apple documentation: https://developer.apple.com/documentation/foundation/httpcookie/1393015-domain If the domain does not start with a dot, then the cookie is only sent to the exact host specified by the domain. If the domain does start with a dot, then the cookie is sent to other hosts in that domain as well, subject to certain restrictions. See RFC 6265 for more detail. Injecting with sub.example.com works as expected. Injecting with example.com does not work.
Topic: App & System Services
SubTopic: Core OS
Hi, I do this after one cup of tea and I have used Safari Private or you can clear your cookies and cache.
Topic: App Store Distribution & Marketing
SubTopic: App Store Connect
Hi, I have the below scenario:
1. While accessing Index.html, the server inserts a cookie and a JS file (request.js).
2. The request.js file collects some Safari properties and posts them to the same web server like below, but during this call my cookie is missing.
Can you please help? I want to retain my cookie value for the JS-initiated request.
I am currently trying to run my app in release mode on my iOS device and every time the app starts up, it only displays a white screen. In the device logs I see this when the app is first launched: Error loading metadata for com.outlit.app: Error Domain=ASDErrorDomain Code=513 Loading failed for '/private/var/containers/Bundle/Application/6C87729B-A97F-4D3E-BA9F-ADEADF6BD28A' UserInfo={NSDebugDescription=Loading failed for '/private/var/containers/Bundle/Application/6C87729B-A97F-4D3E-BA9F-ADEADF6BD28A', NSUnderlyingError=0x100e11a30 {Error Domain=MIInstallerErrorDomain Code=78 Failed to read iTunesMetadata.plist from /private/var/containers/Bundle/Application/6C87729B-A97F-4D3E-BA9F-ADEADF6BD28A/iTunesMetadata.plist UserInfo={NSLocalizedDescription=Failed to read iTunesMetadata.plist from /private/var/containers/Bundle/Application/6C87729B-A97F-4D3E-BA9F-ADEADF6BD28A/iTunesMetadata.plist, LegacyErrorString=InvalidiTunesMetadataPlist, FunctionName=+[MIStoreMetadata metadataFromPlistAtURL:error:], SourceFileLi
Hello, I'm implementing some SSO features and have a question: can ASWebAuthenticationSession and Safari share cookies? In my demo, they cannot share cookies, and I am looking for some way to do it. Thank you very much.
Gathered another crash log where the main thread state is also captured. It seems to have to do with multithreading + cookie management in CFNetwork. Does this help finding the cause? crash_logx.txt
Topic: App & System Services
SubTopic: General
Hello, We released an App Clip back in December 2020, and everything was working just fine for the longest time. However, sometime relatively recently, not exactly sure when it started, the Domain URL Status started showing this “Cannot Reach AASA File” error; and consequently, the App Clip invocation fails now. The API Validation Tool is saying “Error cannot parse app site association file” as the reason. We have not made any changes in the App / App Clip, and the associated domain is still set as appclips:mobileapp.caesars.com The Apple App Site Association file hasn’t been changed either, and the format still matches that specified on https://developer.apple.com/documentation/app_clips/associating_your_app_clip_with_your_website. The AASA file returns no problem in a browser and from curl command as you can see below: Last login: Tue Jul 12 09:11:11 on console curl -v https://mobileapp.caesars.com/.well-known/apple-app-site-association * Trying 192.230.66.155:443... * Connected to mobileapp.caesars.com (192
Are there recommended alternatives for storing authentication cookies shared across apps and extensions (keychain ?) Yes, you could try using a token based authentication scheme that is saved in an account Keychain instead. To see how to delegate account credentials in the Keychain to handle this, check out the article on Adding a Password to the Keychain. This is also PassKeys for your iOS 16 requirements.
Topic: App & System Services
SubTopic: General
After a few experiments with HTTPCookieStorage.sharedCookieStorage, it seems that the behavior for the storage in that scenario involves some kind of OS flushing / synchronisation: There seem to be cases when the storage is updated, yet the updates aren't visible. Examples are: update by a process not visible by other processes from the same app group, hard crash / killing, etc. This all led me to believe that there is some caching involved (of course, I can only guess, as the documentation provides 0 clues on internals). In some cases, such as authentication session cookies, this could have disastrous consequences (such as logging out a user for no reason). => Is there some kind of way to force the flushing on the cookies, for the important ones? Are there recommended alternatives for storing authentication cookies shared across apps and extensions (keychain ?)
I am looking for ways to turn off the dialog popup when using ASAuthenticationSession. I also set prefersEphemeralWebBrowserSession = true to not display the confirmation dialog, but it also turns off shared cookies between apps. So does Apple support any way to still share cookies and not show any confirmation dialog? Thank you very much.