For reasons completely out of my control, here is the current scenario I'm faced with:
I have a product listing on catalog.org
When you click the "Add to Cart" button on a product, it triggers an AJAX JSONP request to secure.com/product/add/[productKey]. This action saves the cart record to the database, sets a cookie containing the cart ID, and returns either true or false based on success
If the response is true, another AJAX JSONP request is made to secure.com/cart/info on catalog.org. This request reads the cart ID cookie, retrieves the record, and shows the number of items in the cart
Upon receiving the response back on catalog.org, the number of items in the cart (if any) is displayed by updating an element on the page
Clicking the "Go to Cart" button on catalog.org then reveals the cart summary on secure.com
This setup functions flawlessly on Firefox 17, Chrome 32, and IE 11, as well as on our development and test platforms where catalog.org is catalog.development.com/test.com and secure.com is secure.development.com/test.com respectively.
However, once we deployed to production, this system ceased to work properly on IE8 - IE10. After adding a product to the cart, the item count updates correctly on catalog.org but fails to display on the cart summary page on secure.com due to an inability to read the cookie. Despite setting a P3P compact policy header on all requests from secure.com, the cookie remains unset. The header we implemented looks like this:
P3P: CP="CAO PSA OUR"
Why hasn't introducing the compact policy header resolved the issue on IE8 - IE10? How can I rectify this across all versions of Internet Explorer?
Solution
There are numerous suggestions listed below, with @sdecima's being selected for its promise. We amalgamated some of these ideas, avoiding XDomainRequest altogether:
- By clicking the "Add to Cart" button, an AJAX JSONP request is sent to secure.com/product/add/[productKey]. In response, the request returns a JSON object signaling either success or failure as well as the cart ID
The next step was altering the action at secure.com/product/add to handle the returned JSON object properties accordingly.
- Following a successful response on catalog.org, another AJAX JSONP request is dispatched to secure.com/cart/info. This request reads the cart ID cookie and gathers information about the cart, revealing the item count
We adjusted the callback function to cater to both response object properties. If the success flag is true and the cart ID exists, a hidden iframe is generated on the page. The iframe's src attribute points to a new endpoint added to secure.com. This action takes a cart ID parameter and sets the cart ID cookie. Consequently, the necessity to set the cookie during the secure.com/product/add action diminishes.
Subsequently, we revised the action at secure.com/cart/info to accept a cart ID parameter. When available, this action utilizes the cart ID provided to fetch the cart details; otherwise, it resorts to attempting to read the cookie. This additional check would be redundant if we could ensure that the iframe had completed loading and the cookie had been saved on secure.com. Unfortunately, due to browser security restrictions, we lack certainty over when the iframe concludes loading on catalog.org.
Lastly, the P3P header CP="CAO PSA OUR" continues to be crucial for ensuring functionality across IE7 - IE10 browsers. (Yes, it now works on IE7 too :)
We've devised a solution (albeit complex) for storing and accessing cross-domain cookies that operates smoothly across major browsers, extending back as far as our reliable testing permits.
We may consider further refactoring. For instance, the second AJAX JSONP request to secure.com/cart/info is somewhat unnecessary given that we can retrieve all requisite data within the original request to secure.com/product/add action (beneficially, error messages indicating why the operation failed can also be returned).