We have a Shopify app which is built using Django and which is working fine on Chrome or Windows. But when used in Safari it's not working. We are getting Internal Server Errors. I am attaching the screenshot below.
Topic summary
Issue: A Shopify app built with Django throws Internal Server Errors when loaded in Safari, while working fine in Chrome/Windows.
Cause: Safari blocks cookies in iframes, which prevents Django’s CSRF cookie from being set/accepted. CSRF (Cross-Site Request Forgery) protection in Django relies on this cookie; its rejection triggers CSRF validation failures and server errors.
Resolution: The team removed Django’s default CSRF middleware and implemented custom authentication middlewares that do not depend on the CSRF cookie in the iframe context.
Status: Resolved. A follow-up asked if a solution was found; the original poster confirmed the fix.
Notes: A screenshot of the error was mentioned but is not essential to understand the root cause or solution.
Were you able to find a solution to this?
It was because Safari blocks all the cookies in an iframe. That's why we were getting this issue. As Django uses CSRF middleware, it will cause an error, as the CSRF cookie will be rejected by Safari. We removed the CSRF middleware and came up with our own middlewares for authentication.
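A cookie-independent authentication middleware of the kind the last post describes, as an added example that is not the poster's code. It assumes the embedded app sends a Shopify session token (an HS256 JWT signed with the app's client secret) in the `Authorization` header; `API_KEY`, `API_SECRET` and `shop_claims` are placeholder names.

```python
import base64, hashlib, hmac, json, time

API_KEY = "constructed-api-key"          # placeholder: the app's client ID
API_SECRET = b"constructed-api-secret"   # placeholder: the app's client secret

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def verify_session_token(token, now=None):
    """Return the claims of a valid HS256 session token, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(API_SECRET, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    # Claims are only trusted after the signature check above.
    if claims.get("aud") != API_KEY:
        raise ValueError("token issued for another app")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise ValueError("token not valid at this time")
    return claims

class SessionTokenMiddleware:
    """Django-style middleware: authenticate from a header, not from cookies."""
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        auth = request.headers.get("Authorization", "")
        scheme, _, token = auth.partition(" ")
        try:
            if scheme != "Bearer":
                raise ValueError("missing bearer token")
            request.shop_claims = verify_session_token(token)
        except ValueError as exc:
            from django.http import JsonResponse  # lazy import; requires Django
            return JsonResponse({"error": str(exc)}, status=401)
        return self.get_response(request)
```

Dropping Django's CSRF middleware is only safe for views that authenticate this way, because a header token is not attached to requests automatically the way a cookie is. Any view that still trusts a session cookie needs CSRF protection.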