11

因此,根据此处的信息,Safari 3rd 方 cookie iframe 技巧不再起作用?在这里Missing cookies on iframe in safari 5.1.5很明显旧技巧不会起作用:

from django.http import HttpResponse
from django.conf import settings


SESSION_COOKIE_NAME = getattr(settings, 'SESSION_COOKIE_NAME')

class SafariIFrameFixMiddleware(object):
    """
    Middleware fixes sessions with Safari browser in iframes

    Safari default security policy restricts
    cookie setting in first request in iframe

    Solution is to create hidden form to preserve GET variables
    and REPOST it to current URL
    """
    def process_request(self, request):
        if request.META['HTTP_USER_AGENT'].find('Safari') != -1 \
                and request.META['HTTP_USER_AGENT'].find('Chrome') == -1 \
                and SESSION_COOKIE_NAME not in request.COOKIES \
                and 'cookie_fix' not in request.GET:
            html = """<html><body><form name='cookie_fix' method='GET' action='.'>"""
            for item in request.GET:
                html += "<input type='hidden' value='%s' name='%s' />" % (request.GET[item], item)
            html += "<input type='hidden' name='cookie_fix' value='1' />"
            html += "</form>"
            html += '''<script type="text/javascript">document.cookie_fix.submit()</script></html>'''
            return HttpResponse(html)
        else:
            return

所以我正在寻找新的方法来解决它。

似乎它需要打开窗口(具有用户权限/单击,否则它将被 safari 阻止)并在那里开始会话。

问题是相同的弹出页面将运行所有中间件,因此它在项目内部可能并不总是可行的(希望尽可能少的侵入性修复)。

django 会话启动也在中间件内部,我还没有找到任何手动启动的干净方法。有什么建议么?

4

2 回答 2

4

I've created working version of fix and uploaded to pypi here: http://pypi.python.org/pypi/django-iframetoolbox

Note: It might not be stable until 0.2 version

于 2012-08-27T07:28:22.720 回答
1

我也创建了一个类似于 JackLeo 的工作。您可以使用中间件或装饰器https://github.com/philroche/django-httpsiframecookiesetter以及更多选项。

于 2013-10-15T10:20:20.403 回答