chrome 80 - same-site settings - causing embedded page login issue


Starting February 4, 2020, Google Chrome will stop sending third-party cookies in cross-site requests unless the cookies are secured and flagged using an IETF standard called SameSite.

The above is causing issues on BPM with any embedded pages i.e. using iFrame.

The following flags need to be disabled.

  • Delay the commit to screen for same-origin navigations
  • SameSite by default cookies
  • Enable removing SameSite=None cookies
  • Cookies without SameSite must be secure

It is not a feasible long term solution as the above restrictions are put into place to limit vulnerabilities with cross-site requests.

Is there work in progress to manage the above when using Bonitasoft BPM.

Thank you.

No answers yet.