com.mendix.core.SameSiteCookies not working for /xas route

Dear community, I’m acting as the application & integration architect on a project where our client wants to host the Mendix website inside Microsoft Teams as an app. For this we need the SameSite=None; Secure on all relevant cookies because we’re cross origin in the browser (MS Teams in the browser puts Mendix in an <iframe>). Through troubleshooting we noticed that the cookies were set by /xas. We found the custom setting in the first image below that looks like the solution to our problem. So we implemented this and restarted the website with this setting (as set in the second image below). Unfortunately the /xas route was not affected by this change as you can see in the last image below. By manually changing the cookies in the Developer tools of Google Chrome, everything works fine, but we can’t ask our users to do this of course. Is this a bug in Mendix that prevents us from changing the set-cookie settings for /xas? Or is there another hidden setting to update the set-cookie settings to “SameSite=None; Secure” for the Mendix /xas route? Thanks in advance. Kind regards, Jochem Geussens Source:
1 answers

I think you misread the documentation. The value should only be Strict, Lax or None. You now have the value SameSite=None, Secure. So change that to only None.