Chrome 80 - same-site settings - causing embedded page login issue
Starting February 4, 2020, Google Chrome will stop sending third-party cookies in cross-site requests unless the cookies are secured and flagged using an IETF standard called SameSite.
The above is causing issues on BPM with any embedded pages i.e. using iFrame.
The following flags need to be disabled.
- Delay the commit to screen for same-origin navigations
- SameSite by default cookies
- Enable removing SameSite=None cookies
- Cookies without SameSite must be secure
It is not a feasible long term solution as the above restrictions are put into place to limit vulnerabilities with cross-site requests.
Is there work in progress to manage the above when using Bonitasoft BPM?
Thank you.
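The rules behind the "SameSite by default cookies" and "Cookies without SameSite must be secure" flags listed above, as an added example that is not part of the original post or Bonitasoft's code: it classifies `Set-Cookie` headers by whether Chrome 80 would still send the cookie to a page embedded in a cross-site iframe. The cookie names, values and function names are constructed for illustration.

```javascript
// Added example: constructed cookie names and values, not Bonita's real cookies.
// Models the Chrome 80 rules for a cookie needed inside a cross-site iframe.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf('=')), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim());
    if (key.toLowerCase() === 'secure') cookie.secure = true;
    if (key.toLowerCase() === 'samesite') cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

function classifyForCrossSiteIframe(header) {
  const c = parseSetCookie(header);
  const result = (verdict, reason) => ({ name: c.name, verdict, reason });
  if (c.sameSite === 'none') {
    // "Cookies without SameSite must be secure": None is only accepted with Secure.
    return c.secure
      ? result('sent', 'SameSite=None; Secure')
      : result('rejected', 'SameSite=None without Secure');
  }
  if (c.sameSite === 'strict') return result('blocked', 'SameSite=Strict');
  if (c.sameSite === 'lax') return result('blocked', 'SameSite=Lax');
  // "SameSite by default cookies": a missing attribute is treated as Lax.
  // Assumption of this sketch: unrecognised values are handled the same way.
  return result('blocked', 'no SameSite, defaults to Lax');
}

// Constructed Set-Cookie headers, as a server might emit them.
const sampleHeaders = [
  'session_id=abc123; Path=/; HttpOnly',
  'session_id=abc123; Path=/; HttpOnly; SameSite=None',
  'session_id=abc123; Path=/; HttpOnly; Secure; SameSite=None',
  'csrf_token=xyz789; Path=/; Secure; SameSite=Lax',
];

function auditHeaders(headers) {
  return headers.map(classifyForCrossSiteIframe);
}

for (const r of auditHeaders(sampleHeaders)) {
  console.log(`${r.name}: ${r.verdict} (${r.reason})`);
}
```

Only the third sample header keeps an embedded login session working, which is why the server has to set `SameSite=None; Secure` itself and serve the embedded page over HTTPS.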
Hello,
Here is some news regarding this SameSite update:
we just published a blog post, https://community.bonitasoft.com/blog/manage-web-browsers-new-cors-behavior,
to explain more about what happens and how to manage the possible side effects.
Hope this helps,
Julien.
Hello,
Thanks for the warning. We are closely following this subject.
Since the latest event related to COVID-19, the Chrome team has postponed the rollout of this new behavior.
https://blog.chromium.org/2020/04/temporarily-rolling-back-samesite.html
Stay tuned, we might have some news regarding "SameSite" cookies in our next release, 7.11 (June 04 2020).
We will let you know on this topic, as soon as we have more information about this.
Comments
Hello Tanya,
to help us to better understand your concern, can you please provide
Regards
Thomas