I have an app that lists different in-house and third party apps. There are some apps that are opened in iframe within my app and some of them are SSO enabled. Recently after chrome update to version 84.0.4147.125 the SSO login stopped working for apps in iframe, its working fine when opened in a new browser window.
This behavior isn't occurring in any other browser except Chrome, can any one assist me with this?
Certain cookies are set without the SameSite
attribute.
They must be been blocked, as newer version of Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None
and Secure
To validate this, you can set Chrome flag chrome://flags/#same-site-by-default-cookies
as Disabled
SameSite=None
and Secure
if the cookie should be sent in cross-site requests. This enables third-party use.SameSite=Strict
or SameSite=Lax
if the cookie should not be sent in cross-site requests