Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

iframe not reading cookies in Chrome

Tags:

javascript

google-chrome

cross-domain

cookies

iframe

Chrome is not allowing a child iframe to read its own cookies.

I have a parent webpage with a child iframe:

  • parent at https://first-site.com
  • child at <iframe src="https://second-site.com"> (inside of parent)
  • cookie set with
    • path: '/'
    • secure: true
    • httpOnly: false
    • domain: '.second-site.com'

I control both sites, and I want the iframe to perform an operation within the iframe that requires reading cookies for .second-site.com. The outer parent doesn't need to know anything about this.

It works in all browsers except for Chrome.

Chrome is simply not making the child page's own cookies available to the child.

Visiting the child page in its own window and performing the operation works in all browsers, including Chrome.

I've tried both of these options in all permutations:

  • Set secure:false or secure:true for the cookie
  • Set sandbox="allow-same-origin allow-scripts" for the iframe, or remove the sandbox attribute

What is Chrome doing differently, and how can an iframe in Chrome access its own cookies?

like image 755
Tyler Avatar asked Jul 14 '17 04:07

Tyler

People also ask

How do I allow cookies in iframe?

It works in all browsers except for Chrome. Set secure:false or secure:true for the cookie. Set sandbox="allow-same-origin allow-scripts" for the iframe, or remove the sandbox attribute.

Are cookies sent in iframe?

1 Answer. Show activity on this post. That's because of the SameSite cookie policy that Chrome defaults to Lax, meaning the cookies won't be sent unless the user can see the URL which excludes iframes.

Does Google Chrome support iframes?

iFrame is not working in Chrome but works in Firefox Google Chrome has a different set of rules when it comes to iFrame and it often blocks the content although it works fine on other browsers. You should also try clicking the shield in the URL title bar because that would also help you see the content.

How do I enable third party cookies on Chrome?

Chrome on AndroidTap the three vertical dots on the top right corner in Chrome and select Settings. Find the advanced section and go to Site Settings. Inside the site settings, tap cookies and tick the “Allow 3rd party cookies” checkbox. Close and reload the browser.

1 Answers

There is a relatively new cookie attribute called SameSite that was being set by my server automatically. Disabling this (while retaining the settings listed in the question) allows the iframe access to its own cookies in Chrome.

See also Chrome feature status & IETF draft

UPDATE Aug 2020

Chrome now blocks cookies without SameSite set, so you need to explicitly set it to samesite=none and secure=true.

like image 50
Tyler Avatar answered Sep 23 '22 07:09

Tyler
Sign in to Comment

Related questions

Is it ok to assign the JavaScript prototype object instead of just its properties?
How to start mouseover event while dragging
Handling dates with Asp.Net MVC and KnockoutJS
How is using Synchronizer Token Pattern to prevent CSRF safe?
import and call a function with es6 [duplicate]
Why am I getting a 'no-unused-vars' warning in a for...of loop and how do I fix it?
Best practices for managing and deploying large JavaScript apps
Make "scrollLeft" / "scrollTop" changes not trigger scroll event listener
Firefox extension to find out which Javascript event is bound to an inspected element?
Example of using github API from javascript
Should data be formatted in the backend or front-end?
Large AngularJS application design
Chart.js pie tooltip getting cut
Exporting a class with ES6 (Babel)
Access to "media keys" from within a browser tab
Alternative to DOMNodeInserted
DOM: why is this a memory leak?
Facebook OAuth "Unsupported" in Chrome on iOS
Chrome Developer Tools keeps breaking where no breakpoints are set
how use const in try catch block [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!