【Question title】: Cross domain Cookies not working on Safari
【Posted】: 2021-02-05 18:30:06
【Question description】:

I have 2 websites:

  1. 3rdpartycookiemanager.com
  2. website.com

From the website: https://www.website.com

I make an Ajax call to: https://www.3rdpartycookiemanager.com/cookies.php

using the following jQuery call:

$.ajax({
  ...
  type: 'POST',    
  url: 'https://www.3rdpartycookiemanager.com/cookies.php',
  cache: false,
  crossDomain: true,
  dataType: 'json',
  data: {
    email: 'bill.gates@microsoft.com'
  },
  xhrFields: {
    withCredentials: true
  },
  ...
});

In the browser's developer tools I see the following:

General
    Request URL:https://www.3rdpartycookiemanager.com/cookies.php
    Request Method:POST
    Status Code:200 

Response Headers
    Access-Control-Allow-Credentials:true
    Access-Control-Allow-Origin:https://www.website.com
    Content-Type:application/json
    Date:Thu, 22 Oct 2020 16:47:32 GMT
    Server:
    Set-Cookie:data=%7B%22email%22%3A%22bill.gates%40microsoft.com%22%7D; expires=Fri, 22-Oct-2021 16:47:32 GMT; Max-Age=31536000; path=/; secure; SameSite=None
    Vary:Origin
    Provisional headers are shown

Request Headers
    Accept:application/json, text/javascript, */*; q=0.01
    Content-Type:application/x-www-form-urlencoded; charset=UTF-8
    Origin:https://www.website.com
    Referer:https://www.website.com/
    User-Agent:Mozilla/5.0 (iPhone; CPU iPhone OS 13_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1

Form Data
    action:set
    data[email]:bill.gates@microsoft.com

In the response headers you can see:

Set-Cookie:data=%7B%22email%22%3A%22bill.gates%40microsoft.com%22%7D; expires=Fri, 22-Oct-2021 16:47:32 GMT; Max-Age=31536000; path=/; secure; SameSite=None

My problem is:

This works on:

  • Windows - Edge, Chrome, Firefox
  • Android - Chrome, Firefox
  • macOS - Chrome, Firefox

It does not work on:

  • macOS - Safari
  • iOS - Safari, Chrome

Additional notes:

On the website 3rdpartycookiemanager.com I use PHP and have the following:

~/public_html/3rdpartycookiemanager.com/.htaccess

# ----------------------------------------------------------------------
# Allow credentialed cross-origin requests (CORS) from website.com
# ----------------------------------------------------------------------
<FilesMatch "cookies\.php$">
    <IfModule mod_headers.c>
        # Anchor the pattern and escape the dots so only the exact origins match
        SetEnvIf Origin "^https?://(www\.)?website\.com$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header add Access-Control-Allow-Credentials true
        Header merge Vary Origin
    </IfModule>
</FilesMatch>

~/public_html/3rdpartycookiemanager.com/cookies.php

<?php

$action = $_POST['action'] ?? '';
$response = null; // default when the action is neither 'set' nor 'get'

switch ($action) {
  case 'set':
    $data = $_POST['data'] ?? '';
    $arr_cookie_options = [
      'expires' => time() + 365*24*60*60,
      'path' => '/',
      // 'domain' => '.local',
      'samesite' => 'None',   // required to enable cross-site usage
      'secure' => true,       // required in order to use: 'samesite' => 'None'
      'httponly' => false
    ];
    setcookie('data', json_encode($data), $arr_cookie_options);
    $response = [
      'status' => 'success',
    ];
    break;
  case 'get':
    $response = json_decode($_COOKIE['data'] ?? '', true);
    break;
}

header('Content-Type: application/json');
echo json_encode($response);

?>

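Any idea how to make this work on:

  • macOS - Safari
  • iOS - Safari, Chrome

since it works on the rest of the devices and browsers?

Thanks!

【Question comments】:

  • Apple now blocks cookies for cross-site resources. The link contains three options for solving the problem, but none of them is as clean as the old approach, and for good reason.

Tags: javascript php cookies cross-browser cross-domain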


【Solution 1】:

I ran into the same problem, and the only solution I know of is to change the Safari settings on the iOS device. Go to Settings -> Safari -> Prevent Cross-Site Tracking and turn it off.
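
An added example, not part of the original question or answer: a JavaScript check of the header conditions a credentialed cross-origin request must meet before a browser that permits third-party cookies will store the cookie, run on the response headers captured in the question. The function names and the `broken` sample are hypothetical; an empty result means the server side is configured correctly and any remaining refusal is browser policy, such as Safari's Prevent Cross-Site Tracking setting.

```javascript
// Added example; function names are hypothetical, not from the original post.
function parseSetCookie(value) {
  const [pair, ...attrs] = value.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Returns the reasons a credentialed cross-origin response would fail to set its cookie.
function checkCrossSiteCookie(pageOrigin, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const problems = [];
  const acao = h['access-control-allow-origin'];
  if (acao === '*') problems.push('ACAO * is not allowed with credentials');
  else if (acao !== pageOrigin) problems.push('ACAO does not echo the page origin');
  if (h['access-control-allow-credentials'] !== 'true')
    problems.push('Access-Control-Allow-Credentials is not true');
  if (!/(^|,)\s*origin\s*(,|$)/i.test(h['vary'] || ''))
    problems.push('Vary: Origin is missing');
  if (!h['set-cookie']) return problems.concat('no Set-Cookie header');
  const c = parseSetCookie(h['set-cookie']);
  if (String(c.attrs.samesite).toLowerCase() !== 'none')
    problems.push('SameSite is not None');
  if (c.attrs.secure !== true) problems.push('Secure is missing');
  return problems;
}

// Response headers as captured in the question's developer tools.
const captured = {
  'Access-Control-Allow-Credentials': 'true',
  'Access-Control-Allow-Origin': 'https://www.website.com',
  'Set-Cookie': 'data=%7B%22email%22%3A%22bill.gates%40microsoft.com%22%7D; ' +
    'expires=Fri, 22-Oct-2021 16:47:32 GMT; Max-Age=31536000; path=/; secure; SameSite=None',
  'Vary': 'Origin',
};
// Constructed counter-example: wildcard origin, cookie without Secure or SameSite.
const broken = { 'Access-Control-Allow-Origin': '*', 'Set-Cookie': 'data=x; path=/' };

console.log(checkCrossSiteCookie('https://www.website.com', captured));
console.log(checkCrossSiteCookie('https://www.website.com', broken));
```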
