Hybrid app on Mendix 9

0
Hi, we have done an upgrade to Mendix 8 for an app that also has a Hybrid mobile app in the app stores. For Mendix 8 everything is running fine. The next step was to upgrade to Mendix 9 (MTS). After that, the hybrid app is not able to load the initial page (on mobile web-browser no issues). When stripping out all the widgets and just username+password widget and the home page of the user a blank page it is work.  When adding (standard) widgets etc to the page it keeps reloading (building up 100s of anon user sessions as well). We looked into security on pages, entities but nothing works (should also fail on phone web a assume) Has anyone experiences with upgrades to Mendix 9 with Hybrid mobile app?
asked
1 answers
1

This fixed the issue (thanks to Mendix Support):

In Mendix 9 we changed the value of the SameSite setting for all cookies to StrictThis means that cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites. Hybrid apps are running on file:///android_Asset_www.index.html, which means that any request to the Mendix runtime will be considered a cross-site third-party request. This will prevent the hybrid app from sending cookies to the Mendix runtime, as this not the same site. That means that the hybrid app will not send the session cookie, required to authenticate the user. That in turn will result in all request to resources not available to non-anonymous users will fail. 
 
Setting the value of the com.mendix.core.SameSiteCookies runtime setting to None would resolve that issue. Please note that this less secure than setting it to Strict, which is one of the reasons we decided to deprecate hybrid apps in Mendix 9.

After that we needed to add the CSS files of Mendix 9 manually with the ReconfigureStylesheet widget/HTML snippet

answered