铁路，AJAX和iframe在Safari [英] Rail, ajax and iframe in Safari

问题描述

在我们的应用中具有与阿贾克斯工作的一些元素。 我们为用户提供嵌入的iframe应用程序的部分。

In our application we have some elements that work with ajax. We offer users to embed parts of the app in an iframe.

一切工作正常的Chrome和Mozilla浏览器。在Safari中，我们得到422错误，并且服务器日志是这样的：

Everything work fine in Chrome and Mozilla. In Safari we get 422 error, and the server log looks like this:

2015-07-15T08:26:06.818885+00:00 app[web.1]: Completed 422 Unprocessable Entity in 4ms
2015-07-15T08:26:06.815411+00:00 app[web.1]: Can't verify CSRF token authenticity
2015-07-15T08:26:06.823389+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

我们想通了，如果我们直接访问iframe的URL，然后到包含它工作正常，iframe的页面可能表明它已经做饼干。

We figured out that if we access directly the iframe url AND THEN to the page which contains the iframe it works fine, which might indicates that it has to do with cookies.

我想这个解决方案的，但我们还是有这个问题。

I tried this solution, but we still have this problem.

推荐答案

最后，我想通了，Safari浏览器不允许保存的Cookie在iframe中。

Finally I figured out that Safari does not allow keeping cookies in iframe.

这意味着，如果你需要使用Cookie，你需要做的事情。

It means that if you need to use cookies, you need to do something.

我找到解决的办法是这样的：

The solution I found is this:

1. 在如果会议的iframe code检[：safari_cookie_fixed] 存在。如果不是，呈现一个code，将通信使用的postMessage 的父窗口，让他知道我们需要一个重定向。
2. 父窗口通过的postMessage 发送信号到的iframe时iframe中加载。监听，这是在情况下，cookie不存在渲染，将信号发送到家长进行重定向，和父母做了重定向 /设置Cookie 页iframe的领域，增加其当前的URL作为查询字符串参数。
3. set_cookie 操作保存的Cookie safari_cookie_fixed 并重定向到父页面（它的URL可在查询字符串）

1. In the iframe code check if session[:safari_cookie_fixed] exist. If not, render a code that will communicate using postMessage with the parent window and let him know that we need a redirection.
2. The parent window send a signal via postMessage to the iframe when the iframe is loaded. The listener, which was rendered in case the cookie does not exist, send a signal to the parent to perform redirect, and the parent does a redirection to /set-cookie page in the iframe domain, adding its current url as a query-string parameter.
3. set_cookie action save a cookie safari_cookie_fixed and redirect back to the parent page (which its url is available in the query-string)

中，当然这种解决方案需要添加一些JS code在父页面，但是当你给你的用户的iframe HTML code可以包括的js为好。

Of-course this solution requires adding some js code in the parent page, but when you give your user the iframe html code you can include the js as well.

这篇关于铁路，AJAX和iframe在Safari的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！