iOS Safari PWA limitations on cross origin iframes / localStorage / cookies

I've been having real trouble using a third party to manage cryptographic signing of content with my web app. This works perfectly when the webapp is added to Homescreen and the webmanifest is set to

"display": "browser"


However, as soon as the app is set to

"display": "fullscreen"


functionality is broken as it behaves as if it is a standalone app, preventing access to the service provider's iframe within my app. Essentially it exhibits behaviour as if `Prevent Cross-Site Tracking` is on, even though I have this switched off in Safari's Settings.
The solution might be to allow a setting `Prevent Cross-Site Tracking For WebApplications` to be switched off.
Essentially I need to be able to allow Cross Site LocalStorage so that when I load the iframe to www.somesite.com, it is allowed to access localStorage for www.somesite.com within the PWA.
I would like everything else to stay the same, essentially just allowing a fullscreen experience of the safari page.

Replies

I have exactly the same problem.


I'm just embedding an aws quicksight dashboard.

Probably has to do with irt.dev/ios-14/#service-workers-in-web-views

App-Bound Domains
What this new feature brings to the table is a way for developers to restrict in-app navigation to a number of domains and in turn, guaranteeing more security for the end-users. These “app-bound” domains are specified in the info.plist file, under the WKAppBoundDomains key, like so:
<plist version="1.0">
<dict>
<key>WKAppBoundDomains</key>
<array>
<string>example1.com</string>
<string>example2.org</string>
...
</array>
</dict>

With the App-Bound Domains enabled, we can now have service workers registered: