Browser Settings- IETF Same Site Cookie Attribute
The introduction of the IETF SameSite cookie attribute changed default behavior we are seeing issues with browsers addressing the UMP web pages using the http protocol, resulting in an access denied message. These problems do not occur when https is used and properly configured. A bypass for when http is absolutely required is to disable this new default behavior in the browser.
The following describes the steps required to prevent this occurrence of this issue for each respective browser:
|
| a.
|
Go to: "chrome://flags/#cookies-without-same-site-must-be-secure" |
|
| b.
|
Disable option "Cookies without SameSite must be secure" |
|
| a.
|
Go to: "edge://flags/#same-site-by-default-cookies“ |
|
| b.
|
Disable option "SameSite by default cookies" |
|
| ■
|
Firefox: (works in any version past 75): |
|
| a.
|
In the URL bar, navigate to about:config. (accept the warning prompt, if shown). |
|
| b.
|
Type SameSite into the “Search Preference Name” bar. |
|
| c.
|
Set network.cookie.sameSite.laxByDefault to false using the toggle icon. |
|
| d.
|
Set network.cookie.sameSite.noneRequiresSecure to false using the toggle icon. |
Public Customer/ Channel Url Portal requires a secure connection (HTTPS) as a default Mandatory requirement. Channel and Customer Admin do not need to edit the browser setting IETF SameSite cookie attribute.