To set a cookie in an iframe that is in a different domain than the parent site, you can use
SameSite=None. These are called third- party cookies.
Here is a site where you can test this https://www.beski.in/demo/test-parent.html .
This works on:
- Chrome (normal)
- Firefox (normal and incognito)
- Edge (normal and incognito)
- Safari (incognito apparently)
This does not work on:
- Chrome (incognito)
- Safari (normal)
This is due to the blockage of third party cookies
This is toggle on Chrome incognito that if it’s disabled, the cookies will work.
For other settings on how to disable this, you can go here https://medium.com/@akohubteam/how-to-enable-third-party-cookies-on-your-browsers-f9a8143b8cc5
Webkit also announced that third-party cookies are disabled by default from 24th of March 2020 and this will roll out eventually on every browser that uses webkit.
I also expect this to be reflected by other browsers in the near future.
If you think you can use
localStorage , think again. That is also blocked when third-party cookies are blocked.
This is great news for security but what about the sites that still need this to work properly? What should iframes use to remember data when they are embedded in other domains? A friend of mine said that iframe are becoming deprecated and embedded widgets are the future.
What do you think?