CODEWITHSUNDEEP
javascriptgoogle-chromecookies
Tyger Guzman
Tyger Guzman

Reputation: 758

Chrome Cross Site Resources - Site Wont Work

I have the below HTML/ASPX page.

Up until today it worked just fine.

Now I am getting a cross-site error, and despite any changes to the Block Third Party Cookies or Adding a site to Allow I cannot get my page to display as before today.

I'm on chrome version 80.0.3987.132 and everything was working fine on this version until I cleared all browsing/cache/cookies history.

The JS script inserts an Iframe into a DIV with specific IDs. I cannot change this behavior as its an API (Spotfire) Is there a way to fix this cross-site resource issues in this type of example?

A cookie associated with a cross-site resource at https://server.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=11"/>
    <meta charset="utf-8">
    <title>Spotfire Template</title>
    <!--Spotfire Javascript API-->
    <script type="text/javascript" src="https://server.com/spotfire/js-api/loader.js"></script>
    <style>
      /*Style the Divs that will hold the Spotfire Pages */
      #Element1 {
        padding: 0;
        margin: 0 auto;
        width: 100%;
        height: 1090px;
      }
      #Element2 {
        padding: 0;
        margin: 0 auto;
        width: 100%;
        height: 1090px;
      }
    </style>
  </head>
  <body>
    <!--Include Div Elements with IDs to hold the spotfire pages-->
    <div id="Element1"></div>
    <div id="Element2"></div>
    <script>
    //Specify Parameters
      var app;
      var doc;
      var webPlayerServerRootUrl = "https://server.com/spotfire/wp/";
      var analysisPath = "/Folder/Analysis";
      var parameters = '';
      var reloadInstances = false;
      var apiVersion = "7.14";
      var customizationInfo = {
        showAbout: false,
        showAnalysisInformationTool: false,
        showAuthor: false,
        showClose: false,
        showCustomizableHeader: false,
        showDodPanel: false,
        showExportFile: false,
        showExportVisualization: false,
        showFilterPanel: false,
        showHelp: false,
        showLogout: false,
        showPageNavigation: false,
        showReloadAnalysis: false,
        showStatusBar: false,
        showToolBar: false,
        showUndoRedo: false
      };
      //Declare more variables to add additonal Spotfire Pages
      var view0;
      var view1;
      spotfire.webPlayer.createApplication(webPlayerServerRootUrl, customizationInfo, analysisPath, parameters, reloadInstances, apiVersion, onReadyCallback, onCreateLoginElement);
      function onReadyCallback(response, newApp) {
        app = newApp;
        if (response.status === "OK") {
          // The application is ready, meaning that the api is loaded and that the analysis path is validated for the current session (anonymous or logged in user)
          console.log("OK received. Opening document to page 0 in element renderAnalysis")
          //Add Items here for more pages , You can use Integers for Page Index or Title of Pages {First Element is the DIV ID and second is the PageName/PageIndex}
          view0 = app.openDocument("Element1", 0);
          view1 = app.openDocument("Element2", 1);
        } else {
          console.log("Status not OK. " + response.status + ": " + response.message)
        }
      }
      function onError(error) {
        console.log("Error: " + error);
      }
      function onCreateLoginElement() {
        console.log("Creating the login element");
        // Optionally create and return a div to host the login button
        return null;
      }
    </script>
  </body>
</html>

Upvotes: 0

Views: 502

Answers (1)

rowan_m
rowan_m

Reputation: 3050

This looks as if you are expecting cookies to be set / sent within the cross-site iframe for server.com. If you control server.com it may be possible to configure its cookies to use the necessary SameSite=None; Secure attributes.

More information about SameSite and the change in general is here: https://web.dev/samesite-cookies-explained

For Spotfire configuration, this page suggests:

config export-config --force
config set-config-prop --name="security.cookies.same-site" --value="None"
config import-config -c "Cookies SameSite=None"

Upvotes: 1

Related Questions