GoogleCloudPlatform/iap-gcip-web-toolkit

Safari 13.1.1 is broken

Closed this issue · 3 comments

https://developer.apple.com/documentation/safari_release_notes/safari_13_1_release_notes

Privacy
New Features
...

Added cookie blocking for all cross-site resources by default.

Because of that change I see the following errors in the Safari DevTools and I can't continue the login process:

[Error] Origin https://<mydomain> is not allowed by Access-Control-Allow-Origin.
[Error] Fetch API cannot load https://<mydomain>/_gcp_iap/gcip_authenticate due to access control checks.
[Error] Failed to load resource: Origin https://<mydomain> is not allowed by Access-Control-Allow-Origin. (gcip_authenticate, line 0)

Thanks for filing the issue. We did some preliminary investigations. We have some ideas on how to fix this but it will require some re-designing and re-engineering efforts.

BTW, Safari's implementation is inconsistent. Ironically, this seems to not be an issue in Safari private mode browsing (using email/password sign-in). I can't really tell if this is a bug or whether this is the intended behavior on their end.

Hey @MrEfrem, the issue should be fixed in v0.1.2. If you are using the AuthUI container, it is fixed in v0.1.3.

Note there are still some issues for sign in with redirect and popup flows in the underlying GCIP dependencies in browsers with disabled 3P cookies. These are being tackled separately.