chrome 80 - same-site settings - causing embedded page login issue
Starting February 4, 2020, Google Chrome will stop sending third-party cookies in cross-site requests unless the cookies are secured and flagged using an IETF standard called
The above is causing issues on BPM with any embedded pages i.e. using iFrame.
The following flags need to be disabled.
- Delay the commit to screen for same-origin navigations
- SameSite by default cookies
- Enable removing SameSite=None cookies
- Cookies without SameSite must be secure
It is not a feasible long term solution as the above restrictions are put into place to limit vulnerabilities with cross-site requests.
Is there work in progress to manage the above when using Bonitasoft BPM.