2012-06-22 107 views
11

因此,基於信息在這裏Safari 3rd party cookie iframe trick no longer working?這裏Missing cookies on iframe in safari 5.1.5很顯然,老招數不會工作:的Django的iFrame Safari瀏覽器修復

from django.http import HttpResponse 
from django.conf import settings 


SESSION_COOKIE_NAME = getattr(settings, 'SESSION_COOKIE_NAME') 

class SafariIFrameFixMiddleware(object): 
    """ 
    Middleware fixes sessions with Safari browser in iframes 

    Safari default security policy restricts 
    cookie setting in first request in iframe 

    Solution is to create hidden form to preserve GET variables 
    and REPOST it to current URL 
    """ 
    def process_request(self, request): 
     if request.META['HTTP_USER_AGENT'].find('Safari') != -1 \ 
       and request.META['HTTP_USER_AGENT'].find('Chrome') == -1 \ 
       and SESSION_COOKIE_NAME not in request.COOKIES \ 
       and 'cookie_fix' not in request.GET: 
      html = """<html><body><form name='cookie_fix' method='GET' action='.'>""" 
      for item in request.GET: 
       html += "<input type='hidden' value='%s' name='%s' />" % (request.GET[item], item) 
      html += "<input type='hidden' name='cookie_fix' value='1' />" 
      html += "</form>" 
      html += '''<script type="text/javascript">document.cookie_fix.submit()</script></html>''' 
      return HttpResponse(html) 
     else: 
      return 

所以我正在尋找解決這個問題新途徑。

它似乎需要打開窗口(用戶權限/點擊或它將被Safari瀏覽器阻止)並開始會話。

問題是,完全相同的彈出頁面將實現所有中間件,因此它不會在項目內部始終可用(希望儘可能少的侵入修復)。

此外django會話啓動也是在中間件內部,我還沒有找到任何手動啓動的乾淨方式。有什麼建議麼?

+0

爲什麼您需要手動啓動會話?如果你的彈出窗口來自Django並通過中間件,你會自動獲得新的會話,如果它不存在的話。 – Anentropic

+0

爲什麼在iframe中不使用js和post進行替換? – Efazati

回答

相關問題