macOS 10.14 Safari and custom URL redirects

ioa's Avatar

ioa

02 Oct, 2018 01:12 PM

We use a custom domain for our help page, which redirects to the specific tenderapp.com URL that is used once you arrive to the page. As far as I can tell, we have all of the DNS settings correct, and indeed this setup has worked flawlessly for years.

But now we have problems with the most recent version of Safari, shipped with macOS 10.14. The problem can be demonstrated thus:

  1. Visit an example.tenderapp.com page that has a custom domain set up for it, and log in.
  2. You should be able to get around within the site with no problems. Cookies are set correctly. Navigate to the Dashboard.
  3. Modify the URL so that it is now http://custom.domain.com/help/dashboard/discussions and press Return to visit.

    At this point you will appear logged out. You will not be, the cookies will still be intact and you will be able to manually browse to the dashboard if you go via the "Support home" link.

Where this is of greatest impact is in the links embedded into every email that is sent out as notification. The URLs use the custom domain of course, meaning every link you click on in an email that loads in Safari ends up in this condition where you appeared logged out.

Attempted Fixes:

  • If one modifies the URL from the email to use the example.tenderapp.com address directly, then they passed straight through. Good as a temporary workaround, but not for customers.
  • I have tried disabling the cross-site tracking checkbox in Safari's Privacy preference pane to no effect.

Given that any email template including the {{url}} token will trigger this problem for Safari users, it will have some impact on users, not just us internally.

  1. Support Staff 1 Posted by Courtenay on 24 Oct, 2018 11:37 PM

    Courtenay's Avatar

    setting cookies across domains has always been imposible, that's why we use a special link that contains the auth information to transfer around domains. it's possible your SSL settings are funky? How is your SSL set up?

  2. 2 Posted by ioa on 25 Oct, 2018 11:40 AM

    ioa's Avatar

    For the redirect to .tenderapp.com itself there is no SSL, the links are
    generated as http://, is that the problem do you think? It seems a bit
    of an odd one if that is the case, if it only impacts one browser on the
    client side.

    As for how we have SSL set up on the main site domain, it's just cookie
    cutter stuff, bought and maintained through the host.

  3. 3 Posted by ioa on 08 Nov, 2018 06:50 PM

    ioa's Avatar

    We are still getting this issue with Safari. Any clues on what might be the cause?

Discussions are closed to public comments.
If you need help with Tender please start a new discussion.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac