2

Based on the Chrome settings here - https://www.chromium.org/updates/same-site/test-debug that where basically turned on in Chrome (and pretty much every other major browser) users that work with me can no longer get content iframed from a different domain.

I get the security - not knocking it. But we are running off of three domains right now and I would like to whitelist - as safe - the other domains so they can play in iframes. Is there a way to whitelist URLs to deem as safe for samesite cookie orientation?

blankip
  • 206
  • 1
  • 6
  • 15

1 Answers1

2

Your problem may be that of Cross-origin resource sharing, defined as:

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

As you control the source websites, the web-servers will need to add to their response the Access-Control-Allow-Origin header, as described in the W3C standard Access Control for Cross-Site Requests.

Specifically for Chrome, you may be able as a stop-gap measure to use the following extensions:

harrymc
  • 498,455