iframe cookie blocked samesite policy

(This post was last modified: 08-03-2020, 08:07 AM by jreklund.)

Since version 84 of Chrome, LinkedIn content iframes are totally blocked and Chrome displays the following message:

A cookie associated with a cross-site resource at http://google.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure.

I did a lot of research but I still can't find how I can set up my Content-Security-Policy and my headers exactly so that they accept iframe feeds from LinkedIn on CI 3.14.

I tried an ini_set in the config.php:

ini_set('session.cookie_samesite', 'None');
ini_set('session.cookie_secure', TRUE);

I tried to modify the headers:

// set_header() takes the complete header line as a single string
$this->output->set_header("Content-Security-Policy: default-src 'self' *.linkedin.com");

But nothing works at all... How can I modify my headers to accept the LinkedIn feed iframes as they were 1-2 weeks ago?

Thanks a lot in advance

Does your <iframe> work in other browsers? Cookies don't block rendering of an iframe.

If they did the same as Twitch, they blocked iframe access with "Content-Security-Policy". And there is nothing you can do about it. Unless you are using an official API, in that case you need to read the documentation.
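
An added example, not part of the original thread or any poster's code: a JavaScript check over a framed site's response headers that separates the two effects discussed above, framing refused by `Content-Security-Policy: frame-ancestors` or `X-Frame-Options` versus cookies withheld for lacking `SameSite=None; Secure`. The headers and origins are constructed, `hostMatches` and `diagnoseEmbedding` are hypothetical names, source matching is simplified (host only, no ports, paths or scheme-only sources), and the embedding page is assumed to be on a different site from the framed one.

```javascript
// Added example: constructed data, simplified frame-ancestors source matching.
function hostMatches(source, origin) {
  const host = new URL(origin).hostname;
  const pattern = source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, '');
  if (pattern === '*') return true;
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return host === pattern; // 'none' and 'self' never match a cross-site embedder
}

function diagnoseEmbedding(headers, embedderOrigin) {
  const get = (n) => headers.filter(([k]) => k.toLowerCase() === n).map(([, v]) => v);
  const result = { framingBlocked: false, reason: null, cookiesWithheld: [] };
  let sawAncestors = false;
  for (const policy of get('content-security-policy')) {
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== 'frame-ancestors') continue;
      sawAncestors = true;
      if (!sources.some((s) => hostMatches(s, embedderOrigin))) {
        result.framingBlocked = true;
        result.reason = 'CSP frame-ancestors';
      }
    }
  }
  // Browsers ignore X-Frame-Options when frame-ancestors is present.
  const xfo = get('x-frame-options').map((v) => v.trim().toUpperCase());
  if (!sawAncestors && xfo.some((v) => v === 'DENY' || v === 'SAMEORIGIN')) {
    result.framingBlocked = true;
    result.reason = 'X-Frame-Options';
  }
  // Cookies without SameSite=None plus Secure are not sent in a cross-site frame.
  for (const cookie of get('set-cookie')) {
    const [pair, ...attrs] = cookie.split(';').map((p) => p.trim());
    const flags = attrs.map((a) => a.toLowerCase());
    if (!(flags.includes('samesite=none') && flags.includes('secure'))) {
      result.cookiesWithheld.push(pair.split('=')[0]);
    }
  }
  return result;
}

// Constructed responses from a hypothetical framed site.
const cookieOnly = [['Set-Cookie', 'sid=abc; Path=/; HttpOnly']];
const framingDenied = [
  ['Content-Security-Policy', "default-src 'self'; frame-ancestors 'self'"],
  ['Set-Cookie', 'sid=abc; Path=/; Secure; SameSite=None'],
];
console.log(diagnoseEmbedding(framingDenied, 'https://example.org'));
```

In the first constructed case the frame still renders and only the cookie is withheld; in the second the cookie is compliant but the framed site's own policy refuses the embed, which no header on the embedding page can override.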

READ: SameSite cookies
What did you Try? What did you Get? What did you Expect?

