Cross-Domain Cookies
Cookies are one of the methods available for adding a persistent state to websites and they are essential for running Oxygen XML Web Author.
In an effort to enforce more privacy-preserving defaults, modern browsers have changed the default behavior of cookies. They will no longer be set for cross-domain requests by default.
Cross-Domain Cookies and Oxygen XML Web Author
When Oxygen XML Web Author is embedded in an iframe and served from a hostname that is different from the parent web application, the default cookies behavior will prevent it from setting any cookies.
If serving Oxygen XML Web Author on a hostname that is different from the parent web
application is a unavoidable, you can force cookies to be set with the
SameSite=None
attribute and the Secure
attribute. To do
so, you can set the force.cookies.samesite.none
option to
true
.
Note: The
SameSite=None
cookie attribute can only be
set when the Secure
attribute is set, so you will be forced to also serve
Oxygen XML Web Author over HTTPS.