Cross Site Tracking - Safari
Tuesday, May 12, 2020 at 07:31amHi Team,
Our applicaiton uses the esign iframe to load the signing package and to capture the signature within our site.
We are seeing the below error in Safari browsers whenever the application tries to load the esign iframe. Can you please take a look at the error attached.
We would like to set-up a proxy domain to resolve this. Can you please share the steps to implement this?
Reply to: Cross Site Tracking - Safari
Tuesday, May 12, 2020 at 09:06amHi Pradeep,
I believe it's a general issue in Safari that the browser only accepts third-party cookie when either end-user turned off the "Prevent Cross-Site Tracking" settings, or the site has been visited, therefore become trusted site.
So the potential solution includes below:
(1)instruct end-user to enable the third-party cookie in the settings
(2)before loading the iFrame, open an OneSpan Sign page in a new tab, and automatically close it, so does this thread suggest.
(3)the most complicated way is to set up a reverse proxy to convert the third party cookie to first party cookie. The configuration could vary if you are using different HTTP servers, there are many guides out there depending on the technical solutions you are using. And I have a blog talks about how to set up an Apache server to achieve reverse proxy.
Duo
Reply to: Cross Site Tracking - Safari
Tuesday, May 12, 2020 at 10:21amThanks Duo Liang,
I will work on the second option which seems more suitable. I will post on the thread if it's still not working.
Reply to: Cross Site Tracking - Safari
Tuesday, May 12, 2020 at 10:24amHi Pradeep,
The easiest way to test against option2 is:
(1)load the iFrame in Safari, you saw the error page
(2)manually open a new tab, and navigate to the onespan sign site (if you are in us2 sandbox, use https://sandbox.esignlive.com, so on so forth)
(3)after loading, close the new tab, and switch back, refresh the iFrame, and the signing ceremony should be accessible.
This should give you an better idea about the nature of Safari cookie issue.
Duo
Reply to: Cross Site Tracking - Safari
Tuesday, May 12, 2020 at 01:54pmHi,
We tried this with https://sandbox.esignlive.com/html/loading.html in iOS 13 IPhone X Safari and it doesn't seem to work. Can we please arrange for a troubleshooting session?
Edit : We tried the manual steps you suggested
Thanks,
Pradeep
Reply to: Cross Site Tracking - Safari
Tuesday, May 12, 2020 at 02:09pmHi Pradeep,
Is the URL behind the iFrame with domain of US2 sandbox? You can have a quick check on this point and it's not the issue, could you kindly create a support ticket([email protected]) so that I can work with our support team to help you troubleshoot with the issue.
Duo
Reply to: Cross Site Tracking - Safari
Tuesday, May 12, 2020 at 05:32pmHi Duo - Created support ticket. CS0031109
Reply to: Cross Site Tracking - Safari
Wednesday, May 13, 2020 at 01:16pmHi Duo,
I tried the javascript by launching the "loading" html before the iframe is invoked or even the signing package is created.
This should work as expected correct? Please let me know if there's something different you want me to try or if a quick screen share session would help.
Thanks,
Pradeep
Reply to: Cross Site Tracking - Safari
Wednesday, May 13, 2020 at 01:23pmHave you got the chance to try the URL I provided above?
Reply to: Cross Site Tracking - Safari
Friday, May 15, 2020 at 01:46pmHi Duo,
We were able to get this to work with changes in the proxy server as discussed. Thanks a lot for your help - if you can clear the sensitive data from this post that would be great.
Thanks.
Pradeep
Reply to: Cross Site Tracking - Safari
Friday, May 15, 2020 at 01:52pmGreat to hear that! I've removed the replies that contains sensitive information.
Duo