I have a forum-like component which I use in an iframe on other websites. This component uses django-allauth for authentication with Facebook and Twitter. Everything worked fine, but the authentication stopped working some time ago. When I look at the cookies in my browser, the cookies from Facebook/Twitter, which are set by the iframe, are not loaded. However, the cookies from the component itself are set. The authentication still works when I load the iframe on a website which is on another subdomain of the component itself.
Tool on another subdomain (working): https://shop-sandbox.adbuddy.be/discussie/
Tool on a totally different domain (not working): https://mama-calinka.webbuddy.be/discussie/
I guess this problem had something to do with CORS headers, but nothing I've tried helped. Can someone help me with this problem, please?
If this stopped working only very recently, it could be related to Chrome's recent breaking change: if a cookie's SameSite attribute is not explicitly set, it defaults to SameSite=Lax, which prevents your browser from sending the cookie in cross-site requests.
I checked your https://shop-sandbox.adbuddy.be/discussie/ - there are many cookies with SameSite empty.
There could be a couple more reasons why a browser ignores a cookie in the request, and I tried to sum them all up in my blog here.
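The SameSite behaviour described in the answer above, as an added example that is not part of the original answer: a small checker that takes Set-Cookie headers and reports which cookies a browser with the Lax default would withhold when the component is framed by a given site. The component host `component.adbuddy.be`, the sample headers and the two-label site rule are assumptions made for illustration.

```python
# Added example: which Set-Cookie headers survive a cross-site iframe request.

def registrable_domain(host):
    # Assumption: the last two labels form the site. Browsers use the
    # Public Suffix List, so this is wrong for suffixes such as co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_cross_site(embedder_host, frame_host):
    return registrable_domain(embedder_host) != registrable_domain(frame_host)

def parse_set_cookie(header):
    # Returns (cookie name, {lower-cased attribute: value}).
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return first.partition("=")[0].strip(), attrs

def sent_in_cross_site_iframe(header):
    _, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    # Missing or unrecognised SameSite is treated as Lax; Lax and Strict
    # cookies are withheld from requests made inside a cross-site frame.
    if samesite != "none":
        return False
    # SameSite=None is only honoured together with Secure.
    return "secure" in attrs

def blocked_cookies(embedder_host, frame_host, set_cookie_headers):
    # Names of cookies that would not accompany requests from the frame.
    if not is_cross_site(embedder_host, frame_host):
        return []
    return [parse_set_cookie(h)[0] for h in set_cookie_headers
            if not sent_in_cross_site_iframe(h)]

COMPONENT_HOST = "component.adbuddy.be"  # hypothetical host of the embedded tool
SAMPLE_HEADERS = [  # constructed for illustration, not captured from the sites
    "sessionid=abc123; Path=/; HttpOnly",
    "csrftoken=xyz789; Path=/; SameSite=Lax",
    "pref=1; Path=/; SameSite=None",
    "sso=ok; Path=/; Secure; HttpOnly; SameSite=None",
]

if __name__ == "__main__":
    for embedder in ("shop-sandbox.adbuddy.be", "mama-calinka.webbuddy.be"):
        print(embedder, blocked_cookies(embedder, COMPONENT_HOST, SAMPLE_HEADERS))
```

Any cookie the checker names has to be issued with `SameSite=None; Secure` before it will be sent from the embedded frame.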