feat: introduce simple browser detection to fix Safari 14 cookies issue

* macOS 11 with Safari 14 seems to not handle 'SameSite=Strict' cookies (e.g. when redirecting to the payment provider page) correctly * the 'apiToken' cookie that handles the authentication (logged in user) state is no longer present so that the order cannot be fetched and displayed again * fix would be to not write 'SameSite=Strict' cookies in Safari 14 * the simple browser detection could be replaced if a more sophisticated version is needed
intershop · Sep 6, 2023 · 94b25d5 · 94b25d5
1 parent 22944bc
commit 94b25d5
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/src/app/core/utils/browser-detection.ts b/src/app/core/utils/browser-detection.ts
@@ -0,0 +1,23 @@
+/* eslint-disable etc/no-deprecated, unicorn/no-null */
+
+// simple browser and version detection: https://stackoverflow.com/questions/5916900/how-can-you-detect-the-version-of-a-browser
+export function browserNameVersion() {
+  const ua = navigator.userAgent;
+  let tem;
+  let M = ua.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
+  if (/trident/i.test(M[1])) {
+    tem = /\brv[ :]+(\d+)/g.exec(ua) || [];
+    return `IE ${tem[1] || ''}`;
+  }
+  if (M[1] === 'Chrome') {
+    tem = ua.match(/\b(OPR|Edge)\/(\d+)/);
+    if (tem !== null) {
+      return tem.slice(1).join(' ').replace('OPR', 'Opera');
+    }
+  }
+  M = M[2] ? [M[1], M[2]] : [navigator.appName, navigator.appVersion, '-?'];
+  if ((tem = ua.match(/version\/(\d+)/i)) !== null) {
+    M.splice(1, 1, tem[1]);
+  }
+  return M.join(' ');
+}
diff --git a/src/app/core/utils/cookies/cookies.service.ts b/src/app/core/utils/cookies/cookies.service.ts
@@ -5,6 +5,7 @@ import { TransferState } from '@angular/platform-browser';
 import { COOKIE_CONSENT_OPTIONS } from 'ish-core/configurations/injection-keys';
 import { COOKIE_CONSENT_VERSION } from 'ish-core/configurations/state-keys';
 import { CookieConsentSettings } from 'ish-core/models/cookies/cookies.model';
+import { browserNameVersion } from 'ish-core/utils/browser-detection';
 import { InjectSingle } from 'ish-core/utils/injection';
 
 interface CookiesOptions {
@@ -143,6 +144,12 @@ export class CookiesService {
     if (typeof expires === 'string') {
       expires = new Date(expires);
     }
+
+    // fix for Safari 14 not keeping 'SameSite=Strict' cookies when redirecting to a payment provider etc.
+    if (browserNameVersion() === 'Safari 14' && opts.sameSite !== 'None') {
+      opts.sameSite = 'Lax';
+    }
+
     let str = `${encodeURIComponent(name)}=${encodeURIComponent(value || '')}`;
     str += `;path=${path}`;
     str += opts.domain ? `;domain=${opts.domain}` : '';