Based on the Chrome settings here - that where basically turned on in Chrome (and pretty much every other major browser) users that work with me can no longer get content iframed from a different domain.

I get the security - not knocking it. But we are running off of three domains right now and I would like to whitelist - as safe - the other domains so they can play in iframes. Is there a way to whitelist URLs to deem as safe for samesite cookie orientation?

1 Answer

Your problem may be that of Cross-origin resource sharing, defined as:

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

As you control the source websites, the web-servers will need to add to their response the Access-Control-Allow-Origin header, as described in the W3C standard Access Control for Cross-Site Requests.

Specifically for Chrome, you may be able as a stop-gap measure to use the following extensions:

2

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy