-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for Iframe embed and third party cookie blocking. #41
Comments
Sorry for the late response. Can you share some more Information about your architecture? Feel free to use example domains but I would like to better understand the use case and where the iFrame comes to play. To question #1: the opaque cookie is generated while sending the response using the set-cookie header. We do not have access to the browsers local/session storage. #2: we are „opening“ the login page based on a browser redirect if the user is not authenticated. The popup idea can not be handled by the relaying party alone. This would require some more integration in your application. |
Most browsers are aggressively blocking cookies when page belonging to different TLD is loaded in an iframe. This also impacts OIDC based integrations where application page is embedded in other portals inside iframe. The current implementation of nginx relies on opaque token sent as cookie.
Are there any plans to provide an alternate option. Some of possible things could be:
The text was updated successfully, but these errors were encountered: