+- Atozed Forums (https://www.atozed.com/forums)
+-- Forum: Atozed Software (https://www.atozed.com/forums/forum-1.html)
+--- Forum: IntraWeb (https://www.atozed.com/forums/forum-3.html)
+---- Forum: English (https://www.atozed.com/forums/forum-16.html)
+----- Forum: IntraWeb General Discussion (https://www.atozed.com/forums/forum-4.html)
+----- Thread: SameSite := ssoNone is not added to header response (/thread-3570.html)
SameSite := ssoNone is not added to header response - mhammady - 10-14-2023
I need my app to be used from an iframe. When I set up a standalone server to use SSL and set CookieOptions.SameSite=ssoNone, the SameSite=None is not written resulting in the web browser considering it absent and defaulting to SameSite=Lax
I've seen this behavior in Chrome & Edge. With Firefox if SameSite=None is missing consider it as "None"
Can anyone please advise why SameSite is not showing when set to None?
PS: IW15.2.65
Thank you
RE: SameSite := ssoNone is not added to header response - Alexandre Machado - 10-16-2023
Not sure how to change this behaviour without changing IW's source code... Browsers are adopting Lax whenever the attribute is empty or doesn't exist, indeed.
I'll give it a thought. In our code base this has been fixed already
RE: SameSite := ssoNone is not added to header response - mhammady - 10-17-2023
Thanks Alex, so the solution is to upgrade to the latest version? Fixed in v 15.4.x?
RE: SameSite := ssoNone is not added to header response - Alexandre Machado - 10-17-2023
It will be available in the next update. If you've been using the latest version, please wait a few more days and we can release an update for it.