Attempting to copy a cookie from second.com to first.com with full control of both domains.
I used to use an iframe, but it did not work in all browsers, as it affected “third-party cookies”, which are difficult to implement and impossible in Safari and Chrome.
The new approach uses a SCRIPT tag that points to second.com and is included in the HEAD of first.com. The server side of the SCRIPT is actually a piece of Java, which reads the cookies sent with the request (cookies from second.com), and the returned JavaScript runs on first.com and essentially duplicates the cookies there. This works fine in all browsers except IE, where IE does not seem to send second.com cookies with the SCRIPT request, so Java cannot get the cookie value from second.com.
This is certainly related to IE's security settings: when I set privacy to the lowest level it works. But my question is, why are cookies blocked at all? I thought that the SCRIPT tag does not fall under the same origin policy (which AJAX and other technologies must adhere to).
Is there any solution for this without going the P3P privacy policy header route?
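The SCRIPT-tag mechanism described in the question, sketched as an added example (not code from the post, and written as Node.js-style JavaScript rather than the poster's Java). It shows second.com's handler releasing only allowlisted cookies, and only when the including page is first.com; the host names in `ALLOWED_HOSTS`, the cookie name `visitor_id`, and HTTPS on both sites are assumptions.

```javascript
// Added example: hypothetical handler logic for second.com's cookie-sync script.
// ALLOWED_HOSTS and SYNC_COOKIES are assumptions, not values from the post.
const ALLOWED_HOSTS = new Set(["first.com", "www.first.com"]);
const SYNC_COOKIES = new Set(["visitor_id"]);

// Parse a Cookie request header into a Map of name -> raw value.
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Build the response for the script request from its headers (lower-cased keys).
function buildSyncScript(headers) {
  const base = {
    "Content-Type": "application/javascript; charset=utf-8",
    "Cache-Control": "no-store",            // response is per-visitor
    "X-Content-Type-Options": "nosniff",
  };
  let host = null;
  try { host = new URL(headers.referer).hostname; } catch (_) { /* missing or malformed */ }
  // Fail closed: without this check any site that includes the script
  // would receive the visitor's second.com cookie values.
  if (!host || !ALLOWED_HOSTS.has(host)) {
    return { status: 403, headers: base, body: "/* cookie sync not permitted */" };
  }
  const lines = [];
  for (const [name, value] of parseCookies(headers.cookie)) {
    if (!SYNC_COOKIES.has(name)) continue;   // never copy session cookies
    // Keep only cookie-safe characters, then JSON-encode for the JS string literal.
    const safe = value.replace(/[^\w.~%+-]/g, "");
    // Secure assumes first.com is served over HTTPS.
    lines.push("document.cookie = " + JSON.stringify(`${name}=${safe}; path=/; Secure`) + ";");
  }
  return { status: 200, headers: base, body: lines.join("\n") };
}
```

A request that arrives without a Referer header is refused, so a page on first.com whose referrer policy suppresses the header will not receive the cookie.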