Setting cross-domain cookies in Safari using iframe

Similar Messages

• Setting cookies for safari using java

  Dear all
  I am new to cookie programming. Is there some way so that I can set cookies in Safari on Mac.
  I need to set the user's login information in cookie for a particular site then i need to launch that particular website.
  The code samples will better help. Pls help me as i am in urgent need.
  Regards
  Shobhit Jain

  Can you explain what this will do? Is this a type of
  wildcard for all domains?The answer to my question is that you can't do it, and for good reason. There is a security restriction against creating/accessing cookies from unrelated domains (and ".com" won't cut it). So I just did a complete proxy solution and translated all requests and maintained the cookies for the browser.
  I am not sure what setDomain("/") would do - I am pretty sure that is just invalid (but it is a valid path, however).

• Cross domain REST API CSOM using JavaScript

  I have the following scenario:
  1) Upon create/update of the list item in https://teams.comp.com/sites/grpSite/Lists/Products
  2) I need to create the corresponding list imte in https://secureteams.comp.com/sites/grpSiteMain/Lists/Products.
  I have contribute rights on both sites and able to create/update via UI. However, to achieve automation I need to use REST API on create/update form for #1, so that it updates automatically. I have tried using REST API but it is failing, I have tried with
  SP.RequestExecutor with token but I think that is for app only.
  I need to do it for one site collection to other site collection without using the app. Please let me know how it can be done.
  I have option of using SharePoint 2013 and JavaScript CSOM only.

  Hi Shalin,
  Hope the below links help you
  https://social.technet.microsoft.com/Forums/sharepoint/en-US/2385f192-aa87-495a-9332-d4dcfac7481e/nonapp-rest-call-using-javascript-error-with-cross-domain-?forum=sharepointdevelopment
  https://social.technet.microsoft.com/Forums/sharepoint/en-US/d086e5a5-4e20-43c4-a846-2f7b999868d1/sharepoint-cross-domain-request-using-javascript?forum=sharepointdevelopmentprevious
  http://www.alaindeklerk.com/cross-domain-webservice-calls-in-sp2010-using-jsonp-part-1/
  Please remember to click 'Mark as Answer' on the answer if it helps you

• Setting Cross-context cookie on a filter

  Hi Folks...
  I'm building a module of a web app... this module is kind of a separated application... i mean.. it has a different context.
  The servlets and jsp of the main app is found at the context /diret
  The servlets and jsp of the module (wich will be included in the main app's jsp or opened in a frame) are at the context /ce
  The session of the module (/ce) is controled by the main app... I have a filter in the module that makes a request to the mais app (/diret) asking if the session for the curent user is up. If it is, it gives to me de sessionId of the main app, and i must put that on a cookie. if it's not, then a must redirect to the login page.
  The problem is that it is not setting the cookie. The first servlet of the module is included in a jsp at the main app, than a http request is made to the module context. Before executing the module servlet, it goes through the filter that tries to set the cookie, exactly like should happen... no errors are thrown. But it seems that the response that is passed to my filter is been ignored when the request focus return to the main app. The cookie setted at the module context is not sent to the user's browser...
  Does somebody knows what is happening?

  Hi -
  I'm clear on the spry:if part, and have set it up and it runs
  great. My
  limited JavaScript is giving me trouble with the add observer
  part. For
  instance, the onclick function I have set up for the master
  dataset I am
  working with is:
  function rl_selMfg(mfgID) {
  dsSeries.setURL("index_test_spry_xml_series.asp?MfgID=" +
  mfgID);
  dsSeries.loadData();
  (In this scenario, dsMfg is the master dataset; dsSeries is
  the detail.
  The above is called from an onclick event on a record from
  the master
  dataset).
  I need to pass the "mfgID" variable from the row selected in
  the master
  list to this function. How can I do that with an observer?
  Thanks,
  Rod
  Donald Booth wrote:
  > Hi Rod,
  > We have a sample of this exact thing here:
  >
  http://labs.adobe.com/technologies/spry/samples/SetCurrentRowSample.html
  >

• How to use a cross-domain comp. library?

  Hi, all.
  I have a problem in using a cross-domain library on pages of
  a different domain.
  To elaborate the circumstance:
  I have 2 different domains on my project, say
  www.my-dom-0.com and ww.my-dom-1.com.
  I wrote an ActionScript component library and placed it at
  my-dom-0.
  And it works by calling a pre-determined set of Javascript
  functions and objects under the hood.
  Since the library is supposed to be cross-domain,
  it may be used by flex applications either of my-dom-0 or of
  my-dom-1.
  They seemed to work fine until I hit upon the problem when
  applications of my-dom-1 attempted to use the library's features in
  IE7.
  I verified that the required Javascript codes were placed in
  the pages that had the applications.
  With Firefox, they worked okay.
  After some digging, I found that they didn't work due to
  something related with
  #error
  2060.
  Does anyone know how to make this work?
  I'd like someone familiar with the issue to help me out of
  the problem.
  Thanks in advance.

  Hi,
  I think this
  http://livedocs.adobe.com/flex/201/langref/flash/system/Security.html#allowDomain()
  can solve your problem.
  Hope this helps.

• Apex session cookie in Safari

  Hi all,
  I'm hitting a restriction or security feature(?) of Safari in iOS. One of our Apex applications is a page that runs in an iframe on a site. Apex is installed on a server inside our own network and is accessable via dns: office.ourcorp.com (fake name, just to clearify the situation). We have a couple of different brands, that all have their own domains: brand1.com, brand2.com etc. All of these sites open the apex page inside an iframe.
  That all works beautifully in all browsers, except in Safari in iOS. in iOS, the apex page isn't showing. It seams it's because of the session cookie Apex sets. Safari can't set an cookie from another domain (a cross domain cookie). Is there a possibility to turn off the session cookie?(ORA_WWV_APP_xxx)?
  I also tried to set the 'cookie domain' option inside the authentication scheme to one of the domain names for our brands, but it still doesn't show up.
  Does someone has a sollution?

  I tried to do that. If you read my very first post in this thread, specifically "If I try to set a cookie in the page sentry function, it is breaking at the redirect line. Also, I don't think page sentry is the right place to set a cookie since it executes at every page.", I tried to set a cookie but it is throwing an error at the page.
  I think all these complication is because I dont have a login page and I am using a HTTP header variable to validate the user. Given that, where should I set the cookie?
  I also tried to do this:
  - create an appliaction item called 'testuser'
  - create an application computation to run 'before header' which sets the value of this to my HTTP header variable.
  - When I retrieve the app item 'testuser' from a page, it is getting the correct value. But when I use this in the authentication scheme, it is returning null. Any idea why??
  I know I am throwing a lot of questions. That is because I am trying a lot of approaches and each of them is posing a new set of challenges. I am actually looking for alternative ways to do what I am looking to do.
  Thanks.
  Shuba

• Cross domain

  I have a flash object on one, content, server, some data
  coming to it from another, application, server, which works fine
  using crossdomain.xml and all this shows from the third server's
  html page. But, on this third server I can't access the flash
  object's methods through javascript (external interface). I am
  assuming this is because of XSS. Did anyone have this issue before,
  any suggestions how to tackle this problem?

  Hi,
  According to your post, my understanding is that you want to query data cross domain.
  We can use the SPService GetListItems method to retrieve the data cross domain.
  http://stackoverflow.com/questions/9469980/sharepoint-getlistitems-across-domain
  http://spservices.codeplex.com/discussions/399449
  http://itsharedspace.wordpress.com/2013/10/17/get-list-items-with-spservices/
  We can also use the JQuery to achieve it.
  http://blah.winsmarts.com/2012-1-jQuery_and_Crossdomain.aspx
  Thanks,
  Jason
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Jason Guo
  TechNet Community Support

• How to set the domain of a cookie in localhost environment

  in some scenario i have to set the domain of cookie on my local environment,
  how can be done?????????????
  i.e http://localhost:7001/myapp/testservlet
  how to set the cookie domain for "myapp"

  Hi
  After Some googling I could find out this for you. I think it is a bug with IE.
  http://www.webmasterworld.com/forum21/11530.htm
  The idea is to use a virutal host.
  HTH
  VJ

• Business Process Apps using cross domain CSOM or REST calls: which one is the easiest to use?

  Hi
  I have build a  few (on prem) provider hosted and  SharePoint hosted apps to really surface data held in host web. Now, I want to do something a bit more complex by starting to build a process follow that makes a number of cross domain calls -
  the success handler of the preceding call setting up the next cross domain call  and so on . 
  For example:
  Document Library 1
  Document 1, Content type ct_1 (various attributes set inc taxonomy, lookup etc)
  I want to copy this document and any set fields to ……..
  Document Library 2
  Document 2, Content type ct_2 (inherits from ct_1) ( ( various attributes, set as above) 
   I just wondered if this was achievable with
  client side REST or would this be better with
  CSOM :-( Thos I am stating to hate CSOM ;-.I did have a look at server side code ( csom/rest) and I thought quite verbose and a backwards step plus not really amenable to later moving to Angular or Knockout- tho please let me know if this initial assumption
  is wrong.  
  One controversial view
  would be to code up a full  farm trust web part because the server side apis are well understood. Also,  one or two dlls are are likely to be difficult to migrate at some stage - assuming  V Next does not mechanisms to
  prevent full trust farm solutions complete with bard wire and watchtowers ;-)
  The other option thought of would be a 2013 w/f but I would a fancy form to go with this as I would want to capture user
  input
  Be interested to hear the thoughts from the community 
  Daniel, WSL
  Freelance consultant

  Hi,
  According to your post, my understanding is that you have cross-domain problems in apps for SharePoint.
  There are many different techniques to overcome cross-domain issues in JavaScript.
  You can use Rest to resolve it. Please refer to:
  Cross Domain and SharePoint Hosted Apps using REST
  More information:
  Solving cross-domain problems in apps for SharePoint
  Cross Domain and SharePoint Hosted Apps using CSOM
  Thanks,
  Linda Li                
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Linda Li
  TechNet Community Support

• Cross-sites App parts using iFrames

  I have a wiki page library inside site collection A, now I can add an app part which display the latest modified items , as follow:-
  Now the problem is that I cannot do the same steps if I am inside site collection B , as the app parts are not available cross-sites. I read about the content search and content quesry web parts for cross-site references, but these two web parts lack the
  view settings where I can define setting such as:-
  So the approach I am thinking of:-
  To add the app part inside site A.
  Then inside site B using Iframe inside a code snippet, to reference the app part at site A.
  I tried doing so but this resulted in showing the whole page inside the iframe , what I need is to only display the app part’s related HTML inside the iframe.
  Can anyone advice about this please?
  Thanks

  App Parts are only available where the Apps are installed.  You need to install the App on Site Collection B in order to add the App part to the page.  In Site Collection B go to Site Contents and use the Company App catalog to add the
  app to the site.
  Paul Stork SharePoint Server MVP
  Principal Architect: Blue Chip Consulting Group
  Blog: http://dontpapanic.com/blog
  Twitter: Follow @pstork
  Please remember to mark your question as "answered" if this solves your problem.
  Sorry but i did not get your point, now i created a new test team site collection. but inside the site collection contents i can not find an App catalog . here is how Site Content and app contains:-

• Are Cross Domain Flash Local Shared Objects (LSO aka Flash Cookie) possible

  Hi,
  I found several solutions for creating Flash LSOs from JavaScript (for example: http://www.nuff-respec.com/technology/cross-browser-cookies-with-flash )
  If Page (www.hostA.com/index.html) and the .swf file are from the same site, everything works fine.
  Now I'm trying to load the page form www.hostA.com/index.html, which includes www.hostB.com/flashcookie.swf (different sites). But then I cannot read or store the LSO.
  I have tried several configurations (crossdomain.xml,  Security.allowDomain("...") ), but nothing works.
  Is this kind of cross domain access to a LSO possible?
  Can a flash based advertisement delivered by a 3rd party save a LSO on my disc?
  Thanks
  -stephan

  I 100% agree!  We have an application that the Government requires information to be stored on the users computer as part of Multi-Factor-Authentication.  We originally wrote it as a browser application and when everyone and their brother started deleting browser cookies because of security concerns, we totally re-wrote it as a Flash application to take advantage of permanent storage.  This new "feature" in Flash Player is causing much concern because thousands of users will need to start answering lots of security questions every single time they use the application (ie: daily) and our staff is having to handle technical support questions that shouldn't exist.  Right now it's only IE that's causing the issue, but I'm sure every browser and Internet Security program will soon be adding this to their products.  There should at least be a way for the USER to white-list a specific Domain so Flash could exempt those sites from ANY external program trying to delete ALL Shared Objects/Local Storage/Flash Cookies.  The USER should be given that choice.  This would satisfy the extra privacy you are putting in there and still allow information to be stored from sites that require it.
  John

• Im having problem setting up my Hotmail account, it used to work fine until few days ago. It says ive entered an incorrect username or password which i can sign in fine with them details if i use laptop or safari through the phone, Please help..

  Im having problem setting up my Hotmail account, it used to work fine until few days ago. It says ive entered an incorrect username or password which i can sign in fine with them details if i use laptop or safari through the phone, Please help..

  I Sugges you to log into your hotmail acc and go to security and password change bit, then you will see two-step verification.. turn that off and you will be able to set it up on your iPhone/iPad or even Mac.
  Give your phone a restart before trying to set it up. Thanks

• How to make cross domain calls using loadurl

  I you all. I ran into a little situation in which i need to make a cross domain call using loadurl. Has any one implemented this as yet. using loadurl. Thank you.

  Have a look here http://www.coldfusionjedi.com/index.cfm/2008/3/7/CrossDomain-AJAX-calls-using-ColdFusion
  Gramps

• Strange behaviour on Safari when trying to submit form using iframe

  Hi All,
  Not sure if this is the correct forum to raise this question
  I am using iframe based mechanism to submit my login from and it is working fine on each and every browser except Safari.Here is the HTML form I am using to submit the information
  <iframe height="0" width="0"  name="loginFrame" hidden="true"> </iframe>
  <form:form action="${loginActionUrl}" method="post" commandName="loginForm" id="header-signin" target="loginFrame" name="header-signin">
    <input type="text"   name="j_username" id="header-signin_j_username">
    <input type="password" name="j_password" id="header-signin_j_password">
    <input type="button" class="btn1" value="Sign In" id="login" formnovalidate="formnovalidate"/>
  </form:form>
  and here is the java-script code
  $(document).ready(function(){
  $("#login").live('click',function(e) {
        if(validateSigninForm('header-signin')){
            $("#header-signin").submit();
  there are some additional JS code which is being used
  if($('#header-signin_j_password').length){
      document.getElementById('header-signin_j_password').onkeydown = function(event) {
          if (event.keyCode == 13) {
           triggerSigin(this.form.id);
  triggerSignin is simple using Jquery submit method to submit the form.
  When I fill the password filed and press the enter button, everything is working fine and page is getting refreshed with the help of the iFrame, but if I click on the sing in button, Safari is opening a new browser window and sending null values to the back end server.
  This behavior is only noticeable for the first time and if I click on the signin button second time, It will be working perfectly fine till I close the browser and open it again.
  I am not sure what is going wrong here and this approach is working fine on all other browsers.
  Can any one help me in this?

  Okay I tried something new.  I changed the email address listed under my account in the Server app, and then went back to add the short name again.  This time it allowed the save.  Then I went back to Server and changed the listed address back to what I entered as the short name, and it let me do that, too. I guess the order you do this in matters.  Odd.

• Safari cross domain error

  I tired to access a web site via Safari that I previously was able to access; however, now I get the following message: "Cross Domain Error: Cross domain is not supported by this browser." Is there a plug-in or something else that would allow me access the site?

  Hi,
  Please try to configure the cross domain policy file to allow public read access (that is, access it without federation requirement), make sure you can access the address
  http://something/clientaccesspiolicy.xml directly in a browser
  without redirecting to check whether the cross domain policy file could be anonymous accessed (Please start a new browser session and make sure you're
  not logged in. Then test the cross domain policy file.).
  Best Regards,
  Ming Xu
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.