Hi,

Hoping the community can point me in the correct direction. We are testing embedding ARIS Connect views into other sites (the iframe code is taken from the share option in ARIS Connect).

Everything works quite well between sites that share the same domain extension with the ARIS servers:

e.g. server1.domain1.ex will show an iframe from aris.domain1.ex

But when we try to embed the view into a different domain, it fails:

e.g. server1.domain2.ex will fail to show an iframe from aris.domain1.ex

This seems to be related to new cross-site checks in some browsers that prevent cookies from being loaded due to them being in a different domain. The fix seems to be that cookies need to be updated to work specifically in the context.

See the error below from Chrome:

Because a cookie’s SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being set in a cross-site context. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.

Resolve this issue by updating the attributes of the cookie:

  • Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.
  • Specify SameSite=Strict or SameSite=Lax if the cookie should not be set by cross-site requests.

Is there a patch level on ARIS that fixes this, or is there an option somewhere where we can change the default cookie settings?

Thanks,

Robert

 

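Added example, not part of the original post and not ARIS code: a small Python check that applies the rules quoted in the Chrome message to a list of `Set-Cookie` headers and reports which cookies a browser would accept when the page is framed from another site. The cookie names and header values are constructed samples, and treating the last two host labels as the "site" is a simplifying assumption (browsers use the Public Suffix List).

```python
"""Classify Set-Cookie headers for use inside a same-site or cross-site iframe."""

def parse_set_cookie(header):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def site_of(host):
    # Assumption: the registrable domain is the last two labels of the host.
    return ".".join(host.lower().split(".")[-2:])

def is_cross_site(embedding_host, framed_host):
    return site_of(embedding_host) != site_of(framed_host)

def cross_site_verdict(header):
    """Apply the SameSite rules from the Chrome message to one header."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none":
        if "secure" in attrs:
            return name, "allowed"
        return name, "rejected: SameSite=None requires Secure"
    if samesite in ("strict", "lax"):
        return name, "blocked: SameSite=" + samesite.capitalize()
    return name, "blocked: SameSite missing or invalid, defaults to Lax"

def audit(embedding_host, framed_host, headers):
    """Map each cookie name to its verdict for this embedding/framed host pair."""
    if not is_cross_site(embedding_host, framed_host):
        return {parse_set_cookie(h)[0]: "allowed: same-site embed" for h in headers}
    return dict(cross_site_verdict(h) for h in headers)

# Constructed sample headers; the cookie names are hypothetical.
SAMPLE = [
    "session_a=abc123; Path=/; HttpOnly",
    "session_b=abc123; Path=/; Secure; HttpOnly; SameSite=None",
    "session_c=abc123; Path=/; SameSite=None",
    "pref=1; Path=/; SameSite=Strict",
]

if __name__ == "__main__":
    for host in ("server1.domain1.ex", "server1.domain2.ex"):
        print(host, audit(host, "aris.domain1.ex", SAMPLE))
```

To use it against a real deployment, replace `SAMPLE` with the `Set-Cookie` lines copied from the browser's network panel for the framed page.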