Setting cookie in iframe - different Domain

2020-02-18 04:18发布

问题:

We have our site integrated as an iframe into another site that runs on a different domain. It seems that we cannot set cookies. Has anybody encountered this issue before? Any ideas?

回答1:

Since your content is being loaded into an iframe from a remote domain, it is classed as a third-party cookie.

The vast majority of third-party cookies are provided by advertisers (these are usually marked as tracking cookies by anti-malware software) and many people consider them to be an invasion of privacy. Consequently, most browsers offer a facility to block third-party cookies, which is probably the cause of the issue you are encountering.



回答2:

After reading through Facebook's docs on iframe canvas pages, I figured out how to set cookies in iframes with different domains. I created a proof of concept sinatra application here: https://github.com/agibralter/iframe-widget-test

There is more discussion on how Facebook does it here: How does Facebook set cross-domain cookies for iFrames on canvas pages?



回答3:

IE requires you to set a P3P policy before it will allow third-party frames to set cookies, under the default privacy settings.

Supposedly P3P allows the user to limit what information goes to what parties who promise to handle it in certain ways. In practice it's pretty much worthless as users can't really set any meaningful limitations on how they want information handled; in the end it's just a fairly uniform setting acting as a hoop that all third parties have to jump through, saying “I'll be nice with your personal information” even if they have no intention of doing so.