Safari: Setting third party iframe cookies

Safari is known to be strict about permissions in iframes, especially when the domain of the iframe page is different from the domain of the parent page. Some would even say paranoically strict.

Safari will block you from setting cookies for the third-party domain (the different domain in the iframe), unless you already have cookies set for that domain.

Here's a snippet of javascript I pulled together last week that as a way to get around the iframe cookie security. It works great if your page is nice and light and loads fast, otherwise it can feel pretty clunky with the triple loading...

window.onload=function(){
 if(navigator.userAgent.indexOf('Safari')!=-1&&navigator.userAgent.indexOf('Chrome')==-1){
  var cookies=document.cookie;

  if(top.location!=document.location){
   if(!cookies){
    href=document.location.href;
    href=(href.indexOf('?')==-1)?href+'?':href+'&';
    top.location.href =href+'reref='+encodeURIComponent(document.referrer);
   }
  } else {

   ts=new Date().getTime();document.cookie='ts='+ts;
   rerefidx=document.location.href.indexOf('reref=');
   if(rerefidx!=-1){
    href=decodeURIComponent(document.location.href.substr(rerefidx+6));
    window.location.replace(href);
   }
  }
 }
}

Here's what it basically does:

• The javascript is placed in the page loaded inside the iframe. 
• If the JS is run inside the iframe and the browser is Safari and there are no cookies set, then we frame-burst the page to take over the window and append the original parent page URL as a parameter. 
• If the JS is run not inside a frame and the browser is Safari, then we set a timestamp cookie (now that we are out of the iframe) and if a reref param exists we redirect back to the original page.
• If the JS is run inside the iframe and the browser is Safari and there ARE cookies set, then we do nothing.

And one more time in pseudo-code

if(browser is Safari){
 if(we are in an iframe){
  if(no cookies){
   set window_url = iframe_url + reref=iframe_parent_url;
  }
 } else {
  set a timestamp cookie;
  if(reref exists in url){
   redirect to original url so we have iframe again
  }
 }
}

How To: Connect Your PS3 To Mac Internet Sharing WiFi

Recently I moved to a new house and had to make changes to the way I set up my network to extend WiFi coverage. Part of the solution I employed was to enable Internet Sharing of the ethernet connection on my Mac Mini so other devices could use it as a WiFi connection point.

My Mac Mini is still running OS X 10.6.8 so I had to solve the problems of connecting non-Apple devices to a Mac using WEP. Even when I had other devices connecting, I couldn't get my Playstation 3 to connect. Thankfully the PS3 connection test gives some specific indicators of what is failing, so I could see that the problem was related to getting an IP Address assigned.

When you enable Internet Sharing on your Mac a file is created at /etc/bootpd.plist which should contain something like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Subnets</key>
  <array>
    <dict>
      <key>_creator</key>
      <string>com.apple.nat</string>
      <key>allocate</key>
      <true/>
      <key>dhcp_domain_name_server</key>
      <string>192.168.2.1</string>
      <key>dhcp_router</key>
      <string>192.168.2.1</string>
      <key>lease_max</key>
      <integer>86400</integer>
      <key>lease_min</key>
      <integer>86400</integer>
      <key>name</key>
      <string>192.168.2</string>
      <key>net_address</key>
      <string>192.168.2.0</string>
      <key>net_mask</key>
      <string>255.255.255.0</string>
      <key>net_range</key>
      <array>
        <string>192.168.2.2</string>
        <string>192.168.2.254</string>
      </array>
    </dict>
  </array>
  <key>bootp_enabled</key>
  <false/>
  <key>detect_other_dhcp_server</key>
  <integer>1</integer>
  <key>dhcp_enabled</key>
  <array>
    <string>en0</string>
  </array>
  <key>reply_threshold_seconds</key>
  <integer>4</integer>
</dict>
</plist>

To get your Playstation3 to connect (or other device that is timing out while waiting for an IP Address), you need to change the integer value for the key reply_threshold_seconds from 4 to 0 (zero). Note: You will need an Administrator password to complete this process.

Here are the steps you'll need to follow to get this to work:

• Turn on Internet Sharing so that the file mentioned above is created.
• Open the Terminal application (usually found in Applications > Utilities)
• Type this command and then press return to copy the file into the tmp directory:
  cp /etc/bootpd.plist /tmp/bootpd.plist
• Turn off Internet Sharing. This will delete /etc/bootpd.plist
• To open the copied file in TextEdit, type this command in the Terminal window and press return:
  open -e /tmp/bootpd.plist
• Find this section near the end of the file
  <key>reply_threshold_seconds</key>
<integer>4</integer>
• Change 4 to 0 (zero).
• Save and Close the file and Quit TextEdit.
• To copy the file back to the original location, type this command  in the Terminal window and press return:
  sudo cp /tmp/bootpd.plist /etc
• You will be prompted to enter a Password. Enter your Administrator password and press return.
• Turn on Internet Sharing.
• Try and connect with your PS3 (or other device).

You can also find details on how to fix this issue at Apple Support Communities and PlayStation®3 Technical Solutions.

Internet Sharing WiFi with WEP encryption from OSX to non-Apple devices

I almost entitled this post as "How To Use Your Mac As A WiFi Hot-Spot", but hopefully the title I used will help more people find the article and get the simple answer on how to connect to Airport via Internet Sharing when using WEP as security.

There are a lot of simple articles about how to use your Mac as a WiFi Hot-Spot by sharing your Ethernet connection. If you don't know how to do that yet, then I recommend reading "How to Use Your Mac as a Wireless Router" which covers the general setup process nicely, although it does not address the problems you can face when using WEP and trying to connect from non-Apple devices (e.g Android phone/tablet, Windows PC, PS3, Wii, etc.)

The Mac Mini that I was using to share WiFi was running OS X 10.6.8, so the setup screens are slightly different from those in the article above. Here's a screenshot if you want to compare:

Mac OS X 10.6.8 only supports WEP security on Internet Sharing so you either have to use WEP or no security. Nobody wants uninvited users on their network, so using WEP is recommended. Unfortunately using WEP is what usually causes non-Apple devices to fail to connect to the network.

There is a "trick" to get it to work that I will clearly outline for you here, so you don't have to cobble together the solution from a half-dozen sources that all point in the direction but never actually have all the required steps (as I had to do).

This is the process that worked for me:

• Set a Network Name that does not include spaces or special characters, you may need to reduce the name length (my actual Network Name is 9 characters long)
• Leave the Channel as automatic unless you need to use something specific
• Check the box for "Enable encryption (using WEP)"
• Set the WEP Key Length to "40-bit (more compatible)"

Now comes the arcane step that will allow your non-Apple devices to connect

• You must use a Password containing five HEXADECIMAL values prefixed with a dollar sign ($). The $ prefix tells your Mac you are entering a hexadecimal value. You do not need to use the $ prefix when connecting to the your Mac
• Hexadecimal values contain of a pair of characters which are limited to 0-9 and A-F, so you need to enter a password which starts with $ and then has ten characters which must be numbers or the letters A, B, C, D, E or F. (examples $A1B2C3D4E5, $1234567890, $2FACEDBABE )
• As soon as you enter the $ in the Password field, the WEP Key Length and the OK button will be disabled. When you have entered the same value in Confirm Password (including the $ prefix) then the OK button will be enabled for you to click.
• If you want to use 128-bit encryption, you must enter 13 hexadecimal values, which equates to 26 characters plus the $ prefix. As soon as you type a password longer than described for 40-bit, then the disabled WEP Key Length field will change to 128-bit. (Note: I have not tested that 128-bit actually works)
• Click OK and then check the Internet Sharing box, and then click Start.

You should now be able to connect your non-Apple device (and your Apple devices) to your HotSpot using the new password. Remember, you do not need to use the $ prefix when connecting to your Mac.

If you are still unable to connect to your Mac, it may be because your device is failing to receive an IP Address. This is a common problem with Playstation3 consoles, and there is a fix for that which I will detail in my next post How To: Connect Your PS3 To Mac Internet Sharing WiFi.


Note: This is a follow-up post to Dealing With WiFi Dead Zones.