macOS 10.14 Safari and custom URL redirects

ioa's Avatar

ioa

02 Oct, 2018 01:12 PM

We use a custom domain for our help page, which redirects to the specific tenderapp.com URL that is used once you arrive to the page. As far as I can tell, we have all of the DNS settings correct, and indeed this setup has worked flawlessly for years.

But now we have problems with the most recent version of Safari, shipped with macOS 10.14. The problem can be demonstrated thus:

  1. Visit an example.tenderapp.com page that has a custom domain set up for it, and log in.
  2. You should be able to get around within the site with no problems. Cookies are set correctly. Navigate to the Dashboard.
  3. Modify the URL so that it is now http://custom.domain.com/help/dashboard/discussions and press Return to visit.

    At this point you will appear logged out. You will not be, the cookies will still be intact and you will be able to manually browse to the dashboard if you go via the "Support home" link.

Where this is of greatest impact is in the links embedded into every email that is sent out as notification. The URLs use the custom domain of course, meaning every link you click on in an email that loads in Safari ends up in this condition where you appeared logged out.

Attempted Fixes:

  • If one modifies the URL from the email to use the example.tenderapp.com address directly, then they passed straight through. Good as a temporary workaround, but not for customers.
  • I have tried disabling the cross-site tracking checkbox in Safari's Privacy preference pane to no effect.

Given that any email template including the {{url}} token will trigger this problem for Safari users, it will have some impact on users, not just us internally.

Discussions are closed to public comments.
If you need help with Tender please start a new discussion.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac