因此,根据此处的信息,Safari 3rd 方 cookie iframe 技巧不再起作用?在这里Missing cookies on iframe in safari 5.1.5很明显旧技巧不会起作用:
from django.http import HttpResponse
from django.conf import settings
SESSION_COOKIE_NAME = getattr(settings, 'SESSION_COOKIE_NAME')
class SafariIFrameFixMiddleware(object):
"""
Middleware fixes sessions with Safari browser in iframes
Safari default security policy restricts
cookie setting in first request in iframe
Solution is to create hidden form to preserve GET variables
and REPOST it to current URL
"""
def process_request(self, request):
if request.META['HTTP_USER_AGENT'].find('Safari') != -1 \
and request.META['HTTP_USER_AGENT'].find('Chrome') == -1 \
and SESSION_COOKIE_NAME not in request.COOKIES \
and 'cookie_fix' not in request.GET:
html = """<html><body><form name='cookie_fix' method='GET' action='.'>"""
for item in request.GET:
html += "<input type='hidden' value='%s' name='%s' />" % (request.GET[item], item)
html += "<input type='hidden' name='cookie_fix' value='1' />"
html += "</form>"
html += '''<script type="text/javascript">document.cookie_fix.submit()</script></html>'''
return HttpResponse(html)
else:
return
所以我正在寻找新的方法来解决它。
似乎它需要打开窗口(具有用户权限/单击,否则它将被 safari 阻止)并在那里开始会话。
问题是相同的弹出页面将运行所有中间件,因此它在项目内部可能并不总是可行的(希望尽可能少的侵入性修复)。
django 会话启动也在中间件内部,我还没有找到任何手动启动的干净方法。有什么建议么?