As per my understanding, if I log in to Site A, the browser will store Site A's cookies locally.
Now, I open a new tab in the browser and visit Site B. In Site B, I have a link to Site A.
Now, when I click on the link, I am redirected to Site A with all the cookies for Site A.
But if SameSite=Strict is set for a cookie, it should not have been passed when coming from Site B to Site A.
To test this, I created an HTML page with a simple <a href="link to site A"> and opened it in the browser.
<html>
<body>
<a href="link to site A">Dashboard</a>
</body>
</html>
When I click on Dashboard, I am redirected to the hac-1 dashboard and all the cookies (including the Strict SameSite ones) are shown in the Application tab in the developer tools.
Why is Chrome not considering the SameSite flag?
Also, why does the browser not send cookies of Site B to Site A when I navigate from Site B to Site A using the above link?
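The distinction this question turns on, as an added example that is not part of the original post: the Application tab lists the cookies stored for Site A, while SameSite only decides which of them are attached to a given request. The model below follows the SameSite rules of the RFC 6265bis draft; the site-a.example and site-b.example hosts, the cookie names and the two-label `siteOf` shortcut are assumptions.

```javascript
// Added example: models which cookies a browser attaches to one request.
// Assumption: "site" = scheme + last two host labels; real browsers use the
// Public Suffix List, so this shortcut is wrong for suffixes such as co.uk.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

function siteOf(url) {
  const u = new URL(url);
  return u.protocol + "//" + u.hostname.split(".").slice(-2).join(".");
}

// Cookies are scoped to the domain that set them, independent of SameSite.
function domainMatches(host, c) {
  return host === c.domain || (!c.hostOnly && host.endsWith("." + c.domain));
}

// request: { url, method, initiator, topLevelNavigation }
// initiator is the URL of the page that triggered the request, or null when
// the user typed the address or used a bookmark.
function cookiesSent(jar, request) {
  const host = new URL(request.url).hostname;
  const sameSite = request.initiator === null ||
    siteOf(request.initiator) === siteOf(request.url);
  return jar.filter((c) => {
    if (!domainMatches(host, c)) return false;
    if (sameSite) return true;
    const mode = c.sameSite || "Lax"; // Chrome treats a missing attribute as Lax
    if (mode === "Strict") return false;
    if (mode === "Lax") {
      return request.topLevelNavigation && SAFE_METHODS.has(request.method);
    }
    return mode === "None"; // Chrome only stores None cookies that are Secure
  }).map((c) => c.name);
}

// Constructed cookie jar: three cookies from Site A, one from Site B.
const JAR = [
  { name: "session", domain: "site-a.example", hostOnly: true, sameSite: "Strict" },
  { name: "prefs", domain: "site-a.example", hostOnly: true, sameSite: "Lax" },
  { name: "widget", domain: "site-a.example", hostOnly: true, sameSite: "None" },
  { name: "b_id", domain: "site-b.example", hostOnly: true, sameSite: "Lax" },
];
const A = "https://site-a.example/dashboard";
const fromB = { url: A, method: "GET", initiator: "https://site-b.example/", topLevelNavigation: true };
const reload = { url: A, method: "GET", initiator: A, topLevelNavigation: true };

console.log(cookiesSent(JAR, fromB));  // link click on Site B
console.log(cookiesSent(JAR, reload)); // later same-site request
```

To observe the same thing in a real browser, read the Cookie request header of the first navigation request in the Network tab rather than the stored cookies in the Application tab.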
Related
I have been working on a Chrome extension for several weeks now; however, I am wondering how to go about creating a login page that gains access to the actual extension.
So I have a Chrome extension and I have also made a Wix website for the extension, where someone can sign up and create an account. The user will use that account info to sign into the Chrome extension login page?
Questions:
1: How to create a login page that determines who can access the Chrome extension's contents?
2: How to link the Chrome extension to my website's member info?
I want my Chrome extension to navigate to the Gmail login page, run a content script that logs in, and then navigate to another site (let's say drive.google.com) and run another content script.
I want the user to monitor the process and that's why Selenium and PhantomJS are not suitable.
How can I identify that the login was successful? I tried using MutationObserver but it doesn't work after redirects.
Thanks
Domain A is loading domain B in an iframe. In order for domain B to set a cookie in Safari (with the "allow from current website only" configuration) we had to do some manipulations (user actions). However, now the cookie isn't being sent (to domain B).
domain A opens domain b in an iframe
user clicks on a button, which opens a new tab with domain B
the cookie is being set. Safari is now set with a cookie from domain B.
in the iframe we do window.location.href="url to domain B" - the cookie isn't being sent.
If I browse to the same URL in a different tab I do see the cookie being sent.
Has anyone encountered this as well? Any known solutions?
In the mobile advertising space, a few years back, when Apple disabled the 3rd party cookie on mobile Safari, Google (DFP) came out with a workaround to bypass the restriction by creating an iframe on the page and setting the cookies there. It worked for a while till Apple found out and blocked it. As far as I know, there is no workaround to enable 3rd party cookies on mobile Safari.
I am working on an online credit card's web site and need to include a kind of single session per browser feature.
Examining different Home Banking systems I found the requested behaviour in all of them. However, I didn't find the mechanism to do it myself. What I need to do is the following:
User opens a browser tab and goes to http://thecreditcardsite.com
User logs in with his credentials and gets access to the site content
User opens a new tab and goes to http://thecreditcardsite.com (now there are two opened tabs)
User logs in with different credentials in the new tab
User sees that the first tab changed and the login page is displayed.
This seems to be a very common behavior in this kind of application (credit card, online banking systems). How can I do that?
When using the Facebook login API, when you click the login button, it opens up the request for permission browser page. I was wondering, how does Facebook open up this browser? Also, the browser used for the request for permission page does not let you change URLs, the size is fixed in the beginning, and the browser is very clean (w/o bookmarks or tabs). Is this feature to open up such a browser something that is in the standard HTML/JavaScript already? Or is it something that Facebook made themselves?
To illustrate what I'm talking about, press the fb login at the top of this page:
http://fbrell.com/xfbml/fb:login-button
Thanks!
window.open(URL,name,specs,replace)
specs allows the modifications you're asking about.
Example:
window.open('http://facebooksurlforlogginin', 'Login', 'titlebar=0,menubar=0,toolbar=0,resizable=0,scrollbars=0,width=500,height=400');
https://developer.mozilla.org/en/DOM/window.open