How can i enable for the IE10 store the cookies?
Some internet services (Facebook Dialogs for example) pass variables this way which you need to use them in further request, but IE10 dont allow cookies.
What i'm trying to do is login at facebook with "Windows.Security.Authentication.Web.WebAuthenticationBroker", get the token, and then open the feed dialog... when i try to open the feed dialog, i receive an error, because the page have no cookies...
If your question is about WinRT Applications written using JavaScript/HTML/CSS then you don't have the notion of cookies, because this is not IE10 but instead it's the IE10 HTML rendering engine - Trident, and IE10 JS engine - Chakra. You have AppData (Local state, Temp state, Roaming state) in Windows Store Apps which you can use to store any data you want. Here's a guide how to access the Local State.
If the question is really about IE10 then I assure you IE10 supports cookies if the user has cookies enabled.
Related
Short:
I need help in SSO in Safari, I'm using iFrame and postMessage logic which is working fine in Chrome and Firefox (PC, Mac, Android and iOS) but the catch is in Safari. I tried Storage Access APIs and placed those in iFrame's onLoading event to check access. But the localStorage which I was used to store JWT is not persistent in the iFrame. I'm using Angular 11.
Scenario:
I'm developing few applications which uses same auth site for sso, which was working as expected as I said in short description. But when it comes to Intelligent Tracking Prevention enabled browsers as of now Safari, It blocks the iFrame by considering it as 3rd Party Trackers which is very insane since the iFrame's origin (Domain) is same with Sub-domain used in service sites.
I tried to check the access by using storage access API i.e hasStorageAccess() in window onLoad method in the iFrame's script. If has no access, I called requestStorageAccess(). I'm here not using user gesture and using button click from service site because I'm using angular for frontend framework but in order to request using button in iFrame.(Since, The policy specifies to get access works only after user interaction which is another headache for devs)
I need help to overcome this issue and fix the SSO with ITP. Any guidance is useful and I'll keep updated.
Google is working fine with their sso and services such as YouTube and Mail doesn't need login on every visit. Any idea on how they achieved.
The reason could be that Safari has the option "Prevent cross-site tracking" enabled by default and that can interfere with the SSO login and display of an embedded iframe (because it blocks some cookies).
Solution
Disable (uncheck) the option for "Prevent cross-site tracking" in the Safari configuration menu.
Tip: To achieve a better user experience, using Javascript you can detect when a user is using Safari and show him an HTML message explaining that he needs to disable that option in order to continue or use another browser like Chrome or Firefox.
Pretty stuck with this one. I'm using Auth0's SPA-JS SDK and it works perfectly for the most part, but on mobile when I refresh the page it logs me out.
I get the error that says "login required", but no such error when on the desktop. On the desktop, I can refresh the page as much as I want with no issue.
I am not using the dev keys anymore for my social signups, and the issue occurs on email signup as well, so I don't think dev keys are the issue either.
Thanks.
Are you using the mobile browser (eg Chrome / Safari)?
Or a mobile webview?
The latter case will always give you a private browser session where cookies and session storage are both aggressively dropped.
If you're not using the mobile browser then the other scenarios require more work. Logins via some form of the system browser work best.
Also are you using local storage of OAuth 2.0 tokens?
- if so try switching to session storage - could be related to cookies dropped due to a missing user gesture - eg Intelligent Tracking Protection
I have a web app that uses a cookie as an access token (to let users stay logged in after refreshing/closing the site/app). It works perfectly on desktop but when I try to use it on my Android phone (installing it via Chrome), for some reason it says that I'm not logged in which means it wasn't able to load the access token.
Why is this happening? Is there a difference between how cookies are handled in the browser and when starting a PWA as a standalone?
Also two little side questions, 1, is there a way to debug a PWA that's added to the homescreen (using some sort of remote debugger) and 2, would it be a security risk to use localStorage for storing the access token instead of a cookie? I realize neither is particularly safe but I read that cookies are slightly better for this sort of thing. localStorage works just fine when starting as a standalone
My question is similar to How to use OAuth with Github in a Safari extension, however, the answer there explains how to use oauth with the older safari extension API. I am trying to use OAuth with the new Safari App Extension API (https://developer.apple.com/library/content/documentation/NetworkingInternetWeb/Conceptual/SafariAppExtension_PG/).
The new API allows the writing of native code, in addition to providing the ability to inject content scripts. Where should I perform the authentication? I also developed a chrome extension, and Google provides an API for retrieving OAuth tokens (https://developer.chrome.com/apps/identity) -- however I do not see anything similar for Safari App Extensions.
Any help is greatly appreciated!
I am currently working on Safari App Extension similar to your needs and the logic, certs (if you use them) persistence, access and refresh tokens all of them goes to the native code. From the SFSafariExtensionHandler you can control the active window/tab and all the pages in the tab, also receive callbacks from the pages.
For the OAuth use any native lib. that solves most of your needs for the logic. I am using this one from AeroGear.
Some adaptation will be needed for the page controlling.
my application is setting browserhome page ,search provider ,favourites etc to all supported browsers like googlechrome,firefox,internet explorer.My purpose is to automate my application using selenium .In case of IE these informationa are stored in registry . so it is easy for me to validate the above details .But for firefox and google chrome its bit problem .So i just want know whether there is any functions available in javascript to check browser homepage ,search provider,favourites etc in firefox and google chrome ?
The simple answer is no. It would be a security and privacy issue if client side js code could access that information. Instead you would need to use a browser extension, or in your case you can just use an external program with administrative rights. I am pretty sure that selenium does not have this functionality built in, however it is all available if you know where the browser stores it. IE uses the registry, but chrome and Firefox use proprietary files in their profile directories. There may be an library that does this, otherwise it is possible