How does Facebook set cross-domain cookies for iFrames on canvas pages?

by

So the iFrame isn’t actually setting the u cookie for the runwithfriends.appspot.com domain. What Facebook does is it creates a form, <form action="runwithfriends.appspot.com/..." target="name_of_iframe" method="POST"> and uses javascript to submit the form on page load. Since the form’s target is the iframe, it doesn’t reload the page… it just loads the iframe with the POST’s response. Apparently even Chrome and other browsers with strict cookie policies set cookies for cross domain requests if they are POST requests…

More Related Contents:

  1. Loading Iframe Facebook (Load denied by X-Frame-Options)
  2. HTML iframe not working when i write src= of facebook
  3. Cross-Domain Cookies
  4. Cookies on localhost with explicit domain
  5. What are allowed characters in cookies?
  6. Fetch API with Cookie
  7. Safari 3rd party cookie iframe trick no longer working?
  8. How to identify if a webpage is being loaded inside an iframe or directly into the browser window?
  9. Clear cookies on browser close
  10. Mobile users unable to access Facebook page tab
  11. Safari doesn’t set Cookie but IE / FF does
  12. What does the dot prefix in the cookie domain mean?
  13. Setting a cookie using JavaFX’s WebEngine/WebView
  14. Why won’t asp.net create cookies in localhost?
  15. What is the maximum size of a cookie, and how many can be stored in a browser for each web site?
  16. How cookies work?
  17. Can two different browser share one cookie?
  18. How to log into Facebook programmatically using Java?
  19. Send cookies with curl
  20. IE8 losing session cookies in popup windows
  21. how to disable cookies using webdriver for Chrome and FireFox JAVA
  22. How do I access HttpContext in Server-side Blazor?
  23. Does every web request send the browser cookies?
  24. Sending cookies with postman
  25. How to add a cookie to the cookiejar in python requests library
  26. Yahoo Finance Historical data downloader url is not working
  27. When does a cookie with expiration time ‘At end of session’ expire?
  28. iframe not reading cookies in Chrome
  29. Setting cookie in iframe – different Domain
  30. How to handle expired access token in asp.net core using refresh token with OpenId Connect

Leave a Comment