Django Iframe Safari修复 [英] Django Iframe Safari Fix

问题描述

因此，根据此处的信息 Safari 3rd party cookie iframe技巧不再起作用?，然后在此处Safari 5.1.5中的iframe 很明显，旧的技巧无法奏效:

So based on information here Safari 3rd party cookie iframe trick no longer working? and here Missing cookies on iframe in safari 5.1.5 it's clear that old tricks wont work:

from django.http import HttpResponse
from django.conf import settings


SESSION_COOKIE_NAME = getattr(settings, 'SESSION_COOKIE_NAME')

class SafariIFrameFixMiddleware(object):
    """
    Middleware fixes sessions with Safari browser in iframes

    Safari default security policy restricts
    cookie setting in first request in iframe

    Solution is to create hidden form to preserve GET variables
    and REPOST it to current URL
    """
    def process_request(self, request):
        if request.META['HTTP_USER_AGENT'].find('Safari') != -1 \
                and request.META['HTTP_USER_AGENT'].find('Chrome') == -1 \
                and SESSION_COOKIE_NAME not in request.COOKIES \
                and 'cookie_fix' not in request.GET:
            html = """<html><body><form name='cookie_fix' method='GET' action='.'>"""
            for item in request.GET:
                html += "<input type='hidden' value='%s' name='%s' />" % (request.GET[item], item)
            html += "<input type='hidden' name='cookie_fix' value='1' />"
            html += "</form>"
            html += '''<script type="text/javascript">document.cookie_fix.submit()</script></html>'''
            return HttpResponse(html)
        else:
            return

所以我正在寻找解决问题的新方法.

So I'm seeking new way to solve it.

似乎需要打开一个窗口(具有用户权限/单击，否则它将被野生动物园阻止)并在那里开始会话.

It seems that it requires open up window (with user permission/click or it will be blocked by safari) and start session there.

问题在于，完全相同的弹出页面将运行所有中间件，因此它在项目内部可能并不总是可行的(希望尽可能少地进行侵入式修复).

Problem is that the very same popup page will ran true all of the middlewares thus it not may be always viable inside project (want as little intrusive fix as possible).

django会话也同样在中间件内部，我还没有找到任何干净的手动启动方式.有什么建议吗?

Also django session starting is inside middleware as well, I haven't found any clean way of starting one manually. Any suggestions?

推荐答案

我已经创建了修订的工作版本，并在此处上传到pypi:

I've created working version of fix and uploaded to pypi here: http://pypi.python.org/pypi/django-iframetoolbox

注意:它可能要到0.2版本后才能稳定

Note: It might not be stable until 0.2 version

这篇关于Django Iframe Safari修复的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！