iFrame Cookies security issue Chrome

1
Hi All! I have some issues with an iFrame since Google updated Chrome Security (Cookie policy to be specific) I have an iFrame which displays a QlikSense app. In order for this to work, the authentication is handled with cookies. The problem is that the cookie that handles the authentication is blocked by chrome. After extensive research I found a few things that could lead to a solution, but I can't seem to combine them into something that works.  The SameSite attribute seems to be the issue and the release notes  of Mendix Studio 8.11 seem to address this.  I was hoping I could set a header for the application myself, forcing SameSite to always be none, always allowing cookies from other locations. Something that I found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite   Can anyone help me in finding a solution to allow cookies from other origins within my iFrame? Without the user have to manually click ‘Allow Cookies‘
asked
1 answers
1

Browsers these day’s don’t accept or like 3rd party cookies. A third party cookie is a cookie set by a website that is not on the same domain as the main site you are accessing. The way to get around this correctly is to have a custom domain name that is shared by both the Mendix app and the underlying iFrame. 

Safari has always blocked third party cookies, but it’s only recently that Chrome has updated it’s policies to match. So you should have your Mendix app share the same domain name as your iFrame e.g. both on example.com. 

You would have this seem issue if you were developing in any other language or tool, it’s a browser restriction and not a Mendix specific issue.

I helped develop https://templates.mendix.com/ which leverages iframes to show previews of the apps. Each of the preview apps in the iFrame uses *.mendix.com to ensure that we can set cookies. If i had the underlying iframe apps as *.mendixcloud.com we would have an issue.

I hope this helps?

answered