Opera changes third-party iframe cookie handing in latest release
The support requests for my Facebook-based application started coming in today:
“This application isn’t working in Opera!”
“I just keep getting redirected! I’m using Opera.”
“Your site is BROKEN! Please fix it IMMEDIATELY SO I CAN ACCESS MY ACCOUNT!! I’m in Opera!”
Odd, because it *used* to work in Opera. After some investigation, it looks like the latest Opera release contains a change in how iframe cookies are handled. In short – it stopped handling them. The new Opera (10.53 at least) seems to reject all cookies set by a remote server via an iframe.
Why? Who can say. I’ve heard the “security” and “privacy” rationales, and I don’t find them particularly compelling. What I do know, though, is that this change in default behavior is going to negatively impact millions of Opera users and website operators. It’s very bad software release practice when a new release breaks existing functionality. Shame on you, Opera.
Fortunately, I already had mechanisms in place to deal with this annoying browser practice – see, this is the exact same way Safari handles third party iframe cookies. I simply started sending my Opera users down the specialized Safari authentication pathway, and voila, problem solved.
It may not be as easy for other Facebook Application Developers, though. If they haven’t specifically dealt with the newer Safari problem, they’ve got some coding to do.
This is exactly why web-based software developers choose to only support specific browsers, usually IE and increasingly Firefox. You never know when an obscure web browser is going to make a major release faux pas.
July 12th, 2010 at 10:56 am
Hi Eddie, I’m also a Facebook app developer and I have the same problem as yours (opera won’t accept cookie from page within Iframe).
In your post, you said you already have a mechanisms to deal with this problem. I would be very happy if you could share the trick to me =)
October 27th, 2010 at 5:35 am
Frustrating. Thought it had to be me or opera config. The fb login still works from my app, yet fb fails to fire the “onlogin” function, and still no cookie…and of course no real-time update, although it works fine on ff, ie, chrome.
November 10th, 2010 at 3:07 am
I made an iframe app on facebook (example domain myapp.example.com). To redirect users to authorize my app I use something like this:
die(“top.location.href = ‘$url’;”);
where $url is $facebook->getLoginUrl(…). It worked everywhere and cookie was made. But not in Opera. I was fighting with for two days now and finally found solution I think. By default Opera can’t handle third-party cookies so I made her accept them by setting (in website prefs, cookies tab) ‘Accept cookies’ instead of ‘Accept cookies from pages I visit’ (or something like that) in apps.facebook.com and in my canvas url page (myapp.example.com). I made opera accept cookies from my app :) It’s very frustrating that Opera is somehow broken with facebook (iframe cookies handling borken, and events not fired [floyd landrath comment above], this bug http://my.opera.com/community/forums/topic.dml?id=773602 etc) which is the biggest social network site. I understand now why opera is not so popular.
March 21st, 2011 at 8:09 am
Piotrekkr
how did you do this..?