SameSite 'Lax' cookie restrictions prevent content from properly loading in iframes

Discussion in 'HTML & Website Design' started by Alex100, Sep 1, 2023.

  1. #1
    To enhance the accessibility of web content for my personal use, I've developed a web application that simultaneously loads multiple iframes, each containing a distinct web page.

    As some of you may be aware, the 'SameSite Cookie Policy' restricts the browser from sending cross-origin cookies flagged as 'Lax' or 'Strict' to mitigate Cross-Site Request Forgery (CSRF) attacks.

    My application runs on localhost, and it interacts with web pages hosted on different domain names, resulting in cross-origin requests. One of these web pages uses the 'Lax' attribute for its cookies, which leads the browser to withhold their transmission. Consequently, the web content fails to load properly within its designated iframe.

    I temporarily resolved the issue by manually adjusting the cookies to 'SameSite: None; Secure,' resulting in successful loading of the web page.

    I also attempted to modify my Firefox SameSite settings by setting them to 'false,' but the problem persisted:

    network.cookie.sameSite.laxByDefault: false
    network.cookie.sameSite.noneRequiresSecure: false

    While I acknowledge the importance of security, I believe there should be a way to enable all web pages to load correctly within iframes, especially considering that this HTML tag is still in use and not deprecated.

    There is a web page called 'Bypassing SameSite cookie restrictions,' but I don't see how I can apply any of the advice provided there to my case:

    https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions

    Do any of you have suggestions on how I might address this challenge? I searched for hours but couldn't find a solution.

    Thank you,
    Alexander
     
    Last edited: Sep 1, 2023
    Alex100, Sep 1, 2023
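
The SameSite behaviour described in the post above, as an added example that is not part of the original post or any browser's code: a simplified model of when a cookie is attached to a request made from a page on another site. The function names, the `prefs` object (named after the two Firefox settings quoted in the post), the sample URLs and the "scheme plus last two host labels" site rule are assumptions made for illustration.

```javascript
// Simplified model of SameSite enforcement (added example, not browser code).
// Assumption: "site" = scheme + last two host labels; real browsers consult
// the Public Suffix List and every ancestor frame.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname.split('.').slice(-2).join('.')}`;
}

// Parse a Set-Cookie header value into { name, sameSite, secure }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.split('=')[0], sameSite: null, secure: false };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=').map((s) => s.trim().toLowerCase());
    if (k === 'secure') cookie.secure = true;
    if (k === 'samesite' && ['strict', 'lax', 'none'].includes(v)) cookie.sameSite = v;
  }
  return cookie;
}

// Hypothetical prefs object named after the two Firefox settings in the post.
const DEFAULT_PREFS = { laxByDefault: true, noneRequiresSecure: true };

function isCookieSent(header, req, prefs = DEFAULT_PREFS) {
  const c = parseSetCookie(header);
  // noneRequiresSecure only concerns cookies that explicitly say SameSite=None.
  if (c.sameSite === 'none' && prefs.noneRequiresSecure && !c.secure) return false;
  // laxByDefault only concerns cookies that carry no SameSite attribute at all.
  const mode = c.sameSite ?? (prefs.laxByDefault ? 'lax' : 'none');
  const sameSite = siteOf(req.pageUrl) === siteOf(req.targetUrl);
  if (sameSite || mode === 'none') return true;
  if (mode === 'strict') return false;
  // Lax: cross-site only on a top-level navigation with a safe method.
  return req.isTopLevelNavigation && ['GET', 'HEAD'].includes(req.method);
}

// Constructed sample requests: a page on localhost loads a page from another site.
const iframeLoad = {
  pageUrl: 'http://localhost:8080/', targetUrl: 'https://app.example.com/',
  method: 'GET', isTopLevelNavigation: false,
};
const linkClick = { ...iframeLoad, isTopLevelNavigation: true };
const prefsOff = { laxByDefault: false, noneRequiresSecure: false };

console.log(isCookieSent('sid=abc; SameSite=Lax; Secure', iframeLoad, prefsOff));
console.log(isCookieSent('sid=abc; SameSite=None; Secure', iframeLoad));
```

In this model a cookie explicitly marked `SameSite=Lax` is withheld from the iframe load whatever the two prefs are set to, because they only change how cookies without the attribute, or with `SameSite=None`, are treated.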