Friday, 7 June 2013

Cross-domain or 3rd party cookies through an iFrame in Safari 6

In Safari 6 setting a 3rd party cookie has become even more difficult. Previously problems like this could be overcome with P3P headers and the like (and here's a previous post of mine where it caught me out again with IE), and for Safari 5 and earlier there were other techniques.

Well now the user needs to have interacted directly with the domain for a cookie to be set, and there are several ways of acheiving this described in this SO post, which also has the following notable comment from one user:

"it is becoming pretty obvious that 3rd party cookies are now the devil, even when used in appropriate ways"

This is particularly pertinent for Facebook app developers when we need to display a once-only welcome message and remember that is has been presented, or for those who choose an obstructive opt-in cookie message (rather than implied consent) and need to remember that this has been accepted. 

Login dialog popup not working within app when not logged onto Facebook

Came across a weird problem today with a Facebook app we're building. When viewing the app in its canvas or a page tab environment, clicking a button that should trigger the javascript SDK login popup actually resulted in brief flash of a waiting animation and then nothing.

Some investigation revealed this bug logged by Facebook but only replicated by 9 people (as of today) in about three weeks. Sure enough, checking an existing live Facebook app which I built a few months ago, and which gets about 1000 users a day, displayed the same behaviour - you couldn't use the app if you weren't alreay logged in.

It's interesting that Facebook appear to have broken something quite critical but seem to have done little to fix it, and it's also interesting how so few devs have contributed a replication report to the bug. Surely 1000's of apps are affected by this?

I think what this shows us, and the fact that I've had no complaints about accessing my other live app that are nonetheless affected by this bug, is how few users visit a Facebook app without actually being logged in.

Anyway, a temporary and quick fix while this remains a problem is to simply use javascript to detect the scenario of being in a canvas or a tab, and the user being logged out, and instead of prompting the broken Fbook login popup simply alert the user that they need to be logged in. This seems better than nothing happening.

In the meantime subscribe to the bug and when you get notice that its fixed then put your code back to how it was.

Saturday, 1 June 2013

PublicaciĆ³n Companias Marcas Internacionales - Misleading invoices from Spain

I recently applied for a Community trade mark from the Office for Harmonization in the Internal Market   (OHIM) in Spain, in relation to an iPhone app I'm working on.

Soon after this I received an invoice from Spain for a similar amount (€1050), from PublicaciĆ³n Companias Marcas Internacionales, and it mentioned OHIM clearly in the first paragraph, although it became apparent after re-reading it that they have absolutely nothing to do with OHIM.

If you get one of these you should ignore it (in my opinion) - it's basically a con (in my opinion), clearly designed (in my opinion) to confuse the recipient into paying what they think is their OHIM invoice. If what they're doing is legal, it shouldn't be (in my opinion).