Based on the Chrome settings here - that where basically turned on in Chrome (and pretty much every other major browser) users that work with me can no longer get content iframed from a different domain.
I get the security - not knocking it. But we are running off of three domains right now and I would like to whitelist - as safe - the other domains so they can play in iframes. Is there a way to whitelist URLs to deem as safe for samesite cookie orientation?
1 Answer
Your problem may be that of Cross-origin resource sharing, defined as:
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.
As you control the source websites, the web-servers will need to add to their response the Access-Control-Allow-Origin header, as described in the W3C standard Access Control for Cross-Site Requests.
Specifically for Chrome, you may be able as a stop-gap measure to use the following extensions:
2