I have two websites:
- 3rdpartycookiemanager.com
- website.com
From the website: https://www.website.com
I make an Ajax call to: https://www.3rdpartycookiemanager.com/cookies.php
using the following jQuery call:
$.ajax({
    ...
    type: 'POST',
    url: 'https://www.3rdpartycookiemanager.com/cookies.php',
    cache: false,
    crossDomain: true,
    dataType: 'json',
    data: {
        email: 'bill.gates@microsoft.com'
    },
    xhrFields: {
        withCredentials: true
    },
    ...
});
In the browser's developer tools I see the following:
General
Request URL:https://www.3rdpartycookiemanager.com/cookies.php
Request Method:POST
Status Code:200
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:https://www.website.com
Content-Type:application/json
Date:Thu, 22 Oct 2020 16:47:32 GMT
Server:
Set-Cookie:data=%7B%22email%22%3A%22bill.gates%40microsoft.com%22%7D; expires=Fri, 22-Oct-2021 16:47:32 GMT; Max-Age=31536000; path=/; secure; SameSite=None
Vary:Origin
Provisional headers are shown
Request Headers
Accept:application/json, text/javascript, */*; q=0.01
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Origin:https://www.website.com
Referer:https://www.website.com/
User-Agent:Mozilla/5.0 (iPhone; CPU iPhone OS 13_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1
Form Data
action:set
data[email]:bill.gates@microsoft.com
In the response headers you can see:
Set-Cookie:data=%7B%22email%22%3A%22bill.gates%40microsoft.com%22%7D; expires=Fri, 22-Oct-2021 16:47:32 GMT; Max-Age=31536000; path=/; secure; SameSite=None
My problem is:
This works on:
- Windows - Edge, Chrome, Firefox
- Android - Chrome, Firefox
- macOS - Chrome, Firefox
But it does not work on:
- macOS - Safari
- iOS - Safari, Chrome
Additional notes:
On the website 3rdpartycookiemanager.com I use PHP, and have the following:
~/public_html/3rdpartycookiemanager.com/.htaccess
# ----------------------------------------------------------------------
# Allow credentialed cross-origin requests to cookies.php from website.com
# ----------------------------------------------------------------------
<FilesMatch "cookies\.php$">
    <IfModule mod_headers.c>
        # Anchor the pattern and escape the dots so only the exact origins match
        SetEnvIf Origin "^https?://(www\.)?website\.com$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header add Access-Control-Allow-Credentials true
        Header merge Vary Origin
    </IfModule>
</FilesMatch>
~/public_html/3rdpartycookiemanager.com/cookies.php
<?php
$action = $_POST['action'] ?? '';
// Default so that an unknown or missing action does not leave $response undefined
$response = null;
switch ($action) {
    case 'set':
        $data = $_POST['data'] ?? '';
        $arr_cookie_options = [
            'expires' => time() + 365*24*60*60,
            'path' => '/',
            // 'domain' => '.local',
            'samesite' => 'None', // required to enable cross-site usage
            'secure' => true, // required in order to use: 'samesite' => 'None'
            'httponly' => false
        ];
        setcookie('data', json_encode($data), $arr_cookie_options);
        $response = [
            'status' => 'success',
        ];
        break;
    case 'get':
        // Return the stored cookie value, or null when the browser sent no cookie
        $response = json_decode($_COOKIE['data'] ?? '', true);
        break;
}
header('Content-Type: application/json');
echo json_encode($response);
?>
Any ideas on how to make this work on:
- macOS - Safari
- iOS - Safari, Chrome
given that it works on the other devices and browsers?
Thanks!
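I ran into the same problem, and the only solution I know of is to change the Safari settings on the iOS device. Go to Settings -> Safari -> Prevent Cross-Site Tracking and uncheck it.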
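An added example, not part of the original posts: the SetEnvIf pattern in the question's .htaccess is the only thing deciding which origins receive Access-Control-Allow-Origin alongside Access-Control-Allow-Credentials: true, so it is worth checking what it actually matches. The sketch below compares a loose pattern (unescaped dots, no leading anchor) with an anchored, escaped one. The function names and sample origins are constructed, and it assumes JavaScript's RegExp treats these simple patterns the same way Apache's regex engine does.

```javascript
// Emulates how SetEnvIf evaluates an Origin allow-list pattern:
// an unanchored regex search where $0 is the matched text.
// Assumption: JavaScript RegExp behaves like PCRE for these simple patterns.

const LOOSE = "http(s)?://(www.)?(website.com)$";    // unescaped dots, no ^
const STRICT = "^https?://(www\\.)?website\\.com$";  // anchored, dots escaped

// Returns the value that would be echoed in Access-Control-Allow-Origin,
// or null when the header would not be sent.
function reflectedOrigin(pattern, origin) {
  const m = new RegExp(pattern).exec(origin);
  return m ? m[0] : null;
}

// Constructed sample Origin header values (not taken from real traffic).
const SAMPLES = [
  "https://www.website.com",
  "https://website.com",
  "http://website.com",
  "https://wwwxwebsite.com",      // a different registrable domain
  "https://evilwebsite.com",
  "https://website.com.example",
];

// Builds one row per sample so the two patterns can be compared side by side.
function auditPatterns(samples) {
  return samples.map((origin) => ({
    origin,
    loose: reflectedOrigin(LOOSE, origin),
    strict: reflectedOrigin(STRICT, origin),
  }));
}

// Origins that only the loose pattern lets through.
function looseOnly(samples) {
  return auditPatterns(samples)
    .filter((r) => r.loose !== null && r.strict === null)
    .map((r) => r.origin);
}

console.table(auditPatterns(SAMPLES));
console.log("accepted only by the loose pattern:", looseOnly(SAMPLES));
```

The same table can be used as a regression check whenever the allow-list pattern changes.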