Safari's "Prevent cross-site tracking" causing issues with legit sites?

The “Prevent cross-site tracking” preference has been in Safari since at least iOS 11 and High Sierra (2017?). No idea if it is enabled by default but I have no recollection of ever having to turn it on manually on any device.

Until recently (perhaps the 10.15.4 update?) I’ve never seen it cause any problems. Lately, though, I’ve been running into a few issues where turning it off resolves the problem. Two examples:

  1. Using Office 365 Outlook’s web interface with the Zoom Outlook plugin: when x-site tracking prevention is checked, the plugin prompts you to sign into Zoom but never really authenticates and you can’t use the plugin to add a Zoom meeting to an Outlook appointment. Unchecking the x-site preference (which disables Safari’s blocking of cross-site tracking), allows the Zoom plugin to work as usual.
  2. Tableau’s e-learning site uses single sign on and while it allows you to sign on with the x-site preference checked, it will not show content. Again, unchecking this preference allows the site to function.

Both worked regularly in Safari up until a few weeks ago, although with everything going on, I can’t be sure of a certain date or 100% tie it to the macOS 10.15.4 update.

According to Apple’s 10.15.4 release notes the only change to Safari seems unrelated:

  • Content Blocker extensions delivered with Mac Catalyst apps are now available for use in Safari. (43646265)

I only use these sites on macOS, so I’m not sure if the same occurs in iOS/iPadOS.

If you know of any, I’d love to be able to point these vendors to Apple’s guidance on how to prevent being blocked by this feature in Safari.

Because I completely understand the need for this feature I don’t want to just leave it off for all browsing. So, as a (hopefully temporary) workaround, I have created a Keyboard Maestro shortcut (forgot how annoying it is to try to automate/script Preferences for macOS app) to toggle the preference when I visit one of these sites. If anyone’s interested, I will post it.

Have you installed the supplement update for 10.15.4? I had issues signing back into my school’s Office 365 account after the initial 10.15.4 update. The supplemental update fixed this issue with the Office 365 login page never completing the authentication and allowing access to my files in One Drive.

1 Like

Yes, I applied the Supplemental Update (19E287) a day or so after it came out. Since that was a little more than a week ago, I believe the issues were occurring after the initial 10.15.4 update and remained after the Supplemental Update. But I didn’t make note in my calendar, so just relying on my (unreliable) memory.

PS It would be helpful if Apple would indicate “supplemental updates” in the version number, e.g., instead of having to go to About this Mac > System Report > Software and searching the web on a random string like ‘19E287’.

I’m having the same problem on our LMS, Canvas, where it will not show images because they are probably hosted elsewhere. Turning it off fixes the issue but telling our students to turn off a security feature may cause distrust to our learning management system.

I’ve been having this issue forever and finally decided to do some troubleshooting and look for a solution. I would previously use a new private browser windows and it would auth without a problem so it was never an urgent problem to fix, just a hassle.

A searched high and low on the web, reinstalled the plugin multiple times, disabled content blockers, tried different networks. Eventually I tried unticking “Prevent cross-site tracking” and it worked!