CB login / CB connect without cookies

1 year 2 weeks ago - 1 year 2 weeks ago #333435 by activha
Replied by activha on topic CB login / CB connect without cookies
My best bet was to change the following in /plugins/user/joomla/joomla.php:
        // Add "user state" cookie used for reverse caching proxies like Varnish, Nginx etc.
//         if ($this->app->isClient('site')) {
//             $this->app->input->cookie->set(
//                 'joomla_user_state',
//                 'logged_in',
//                 0,
//                 $this->app->get('cookie_path', '/'),
//                 $this->app->get('cookie_domain', ''),
//                 $this->app->isHttpsForced(),
//                 true
//             );
//         }
        
        //correction of the cookie to allow samesite none important for safari and chrome 
        if ($this->app->isClient('site')) {
            $cookieName = 'joomla_user_state';
            $cookieValue = 'logged_in';
            $cookieExpires = 0;
            $cookiePath = $this->app->get('cookie_path', '/');
            $cookieDomain = $this->app->get('cookie_domain', '');
            $cookieSecure = $this->app->isHttpsForced() ? 'Secure;' : '';
            $cookieHttpOnly = 'HttpOnly;';
            $cookieSameSite = 'SameSite=None';

            $cookie = sprintf(
                '%s=%s; expires=%s; path=%s; domain=%s; %s %s %s',
                $cookieName,
                $cookieValue,
                ($cookieExpires == 0) ? '0' : gmdate('D, d-M-Y H:i:s T', time() + $cookieExpires),
                $cookiePath,
                $cookieDomain,
                $cookieSecure,
                $cookieHttpOnly,
                $cookieSameSite
            );

            header('Set-Cookie: ' . $cookie, false);
        }

This allows logging in with Chrome, which now receives the correct SameSite=None cookie.

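As for Safari, that was a little more tricky.

First you have to set sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-forms" on the iframe, then you need some code to trigger the storage access request for WebKit. Note that combining allow-scripts with allow-same-origin only keeps the sandbox meaningful when the framed page is on a different origin than the embedding page. This code has to be placed in the page loaded inside the iframe: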
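// Runs inside the iframe'd page. Asks the browser for storage (cookie) access via
// the Storage Access API and remembers a successful grant in a one-day marker cookie.
document.addEventListener('DOMContentLoaded', () => {
    const GRANT_COOKIE = 'storageAccessGranted';

    /**
     * Write a cookie for path "/" that expires after the given number of days.
     * NOTE(review): no SameSite/Secure attributes are set here; inside a cross-site
     * iframe the browser may refuse to store such a cookie. Confirm in the target browsers.
     * @param {string} name - cookie name
     * @param {string} value - cookie value (empty string when falsy)
     * @param {number} days - lifetime in days
     */
    function setCookie(name, value, days) {
        const expiry = new Date(Date.now() + days * 24 * 60 * 60 * 1000);
        document.cookie = `${name}=${value || ''}; expires=${expiry.toUTCString()}; path=/`;
    }

    /**
     * Read a cookie by name.
     * @param {string} name - cookie name
     * @returns {string|null} the cookie value, or null when the cookie is absent
     */
    function getCookie(name) {
        const prefix = `${name}=`;
        for (const part of document.cookie.split(';')) {
            const entry = part.trimStart();
            if (entry.startsWith(prefix)) {
                return entry.slice(prefix.length);
            }
        }
        return null;
    }

    /**
     * Ask the browser for storage access and record a grant in the marker cookie.
     * Browsers generally honour this request only when it is made from a user
     * gesture (e.g. a click) or when access was already granted earlier.
     */
    function requestAccess() {
        // Feature-detect the method that is actually called below.
        if (typeof document.requestStorageAccess !== 'function') {
            console.log('La méthode requestStorageAccess() n\'est pas prise en charge par ce navigateur');
            return;
        }

        document.requestStorageAccess().then(() => {
            console.log('Accès au stockage accordé');
            setCookie(GRANT_COOKIE, 'true', 1);
        }).catch((err) => {
            console.error('Accès au stockage refusé', err);
        });
    }

    // The marker cookie is script-writable, so it is only a hint to skip the prompt,
    // not proof of access; document.hasStorageAccess() gives the browser's own answer.
    if (getCookie(GRANT_COOKIE) === 'true') {
        console.log('L\'accès au stockage a déjà été accordé');
    } else {
        // Without a user gesture this attempt is usually refused; the click handler
        // below is the request that is expected to succeed.
        requestAccess();
    }

    const sendIAButton = document.getElementById('sendIA');
    if (!sendIAButton) {
        // Page has no sendIA button: nothing to hook, avoid a TypeError on null.
        return;
    }

    sendIAButton.addEventListener('click', () => {
        if (getCookie(GRANT_COOKIE) !== 'true') {
            requestAccess();
        }
        // other_function is the poster's placeholder for the real action (the login).
        // NOTE(review): it runs immediately and does not wait for the access request
        // to settle, so the first click may run before access is granted.
        other_function();
    });
});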

This way, clicking on the sendIA button triggers the authorization prompt in Safari, and then you can log in to CB.

I don't know if this code is optimized, but it works; maybe it can help someone else.