CodeIgniter Forums
iframe cookie blocked samesite policy - Printable Version


iframe cookie blocked samesite policy - loxi_kal - 08-03-2020

Since version 84 of Chrome, LinkedIn content iframes are totally blocked and Chrome displays the following message:

A cookie associated with a cross-site resource at http://google.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure.

I did a lot of research but I still can't find how I can set up my Content-Security-Policy and my headers exactly so that they accept iframe feeds from LinkedIn on CI 3.14.

I tried an ini_set in config.php:


Code:
ini_set('session.cookie_samesite', 'None');
ini_set('session.cookie_secure', TRUE);

I tried to modify the headers:


Code:
// set_header() takes the complete "Name: value" line as a single string
$this->output->set_header("Content-Security-Policy: default-src 'self' *.linkedin.com");

But nothing works at all... How can I modify my headers to accept the LinkedIn feed iframes, as 1-2 weeks ago?

Thanks a lot in advance


RE: iframe cookie blocked samesite policy - jreklund - 08-03-2020

Does your <iframe> work in other browsers? Cookies don't block rendering of an iframe.

If they did the same as Twitch, they blocked iframe access with "Content-Security-Policy", and there is nothing you can do about it unless you are using an official API; in that case you need to read the documentation.
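
The distinction made in the reply above (a withheld cross-site cookie does not stop an iframe from rendering, while the framed site's own headers can), as an added Python example that is not part of the thread. It inspects a framed response's headers for a given embedding origin; the header values and the `myapp.example` / `partner.example` origins are constructed, and CSP source matching is simplified to scheme and host (scheme-only sources such as `https:` are not handled).

```python
from urllib.parse import urlsplit

# Constructed sample: response headers of a hypothetical page loaded in an <iframe>.
SAMPLE = [
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self' https://*.partner.example"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "pref=1; Path=/; Secure; SameSite=None"),
]

def source_matches(source, origin):
    """Simplified CSP host-source match: scheme and host only, ports and paths ignored."""
    if source == "*":
        return True
    o = urlsplit(origin)
    scheme, sep, host = source.rpartition("://")
    if sep and scheme.lower() != o.scheme:
        return False
    host = host.lower().rstrip("/")
    if host.startswith("*."):  # wildcard covers subdomains only
        return o.hostname.endswith(host[1:])
    return o.hostname == host

def framing_blocked(headers, embedder):
    """Reason the framed response refuses a cross-site `embedder`, or None if it allows it."""
    saw_frame_ancestors = False
    policies = [v for n, v in headers if n.lower() == "content-security-policy"]
    for directive in (d for p in policies for d in p.split(";")):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            saw_frame_ancestors = True
            # Quoted keywords ('self', 'none') never match a cross-site embedder.
            hosts = [s for s in parts[1:] if not s.startswith("'")]
            if not any(source_matches(s, embedder) for s in hosts):
                return "CSP frame-ancestors: " + " ".join(parts[1:])
    xfo = [v.strip().upper() for n, v in headers if n.lower() == "x-frame-options"]
    # Browsers ignore X-Frame-Options when frame-ancestors is present.
    if not saw_frame_ancestors and xfo and xfo[0] in ("DENY", "SAMEORIGIN"):
        return "X-Frame-Options: " + xfo[0]
    return None

def cookies_withheld(headers):
    """Cookies a browser withholds in a cross-site iframe (anything not SameSite=None; Secure)."""
    withheld = []
    for value in (v for n, v in headers if n.lower() == "set-cookie"):
        attrs = [a.strip().lower() for a in value.split(";")[1:]]
        if not ("samesite=none" in attrs and "secure" in attrs):
            withheld.append(value.split("=", 1)[0].strip())
    return withheld
```

A non-`None` result from `framing_blocked` is decided by the framed site and cannot be overridden by headers sent from the embedding page; `cookies_withheld` only explains the console warning.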


RE: iframe cookie blocked samesite policy - InsiteFX - 08-03-2020

READ: SameSite cookies