Hi dojo,
I would like to embed a webpage on a Low-Code App. The web shows the login page, but when I type the correct credentials, I received an unauthorized error. I saw the following warning on DevTools:
Why App couldn't manage correctly the login process? Could it be related to Chrome browser? With Mozilla login works properly.
Thanks!
Hi Daniel,
I think the reason the embeded site does work on Firefox but not on Chrome is because of a difference in the default value for the 'SameSite' property of a cookie.
In Chrome, if the 'SameSite' property is not set, it will default to 'Lax' which causes it to break in the case the website is embeded. Firefox claims that they also have 'Lax' as the default value, but I checked this and it doesn't seem to be the case. You can verify this by opening a new tab in firefox and in the url bar, navigate to 'about:config' and search for the 'network.cookie.sameSite.laxByDefault' setting. If this is set to true, Firefox should behave the same as Chrome, but if it is set to false, it explains why the embeded site works on Firefox but not on Chrome.
If you want to get the embeded website working on Chrome, changes will have to be made to the webserver serving the Kubernetes webpage so that it sets the cookie with 'SameSite=None'.
Kind regards,
Hi Daniel,
You are correct on that.
Kind regards,
Hello Seppe,
Thank you so much for your explanation. So, from Low-Code App side, I can’t do anything to ‘bypass’ this situation. Am I right?
Regards,