Cross-Domain Cookies
Cookies are one of the methods available for adding a persistent state to websites and they are essential for running Oxygen XML Web Author.
In an effort to enforce more privacy-preserving defaults, modern browsers have changed the default behavior of cookies. They will no longer be set for cross-domain requests by default.
Cross-Domain Cookies and Oxygen XML Web Author
When Oxygen XML Web Author is embedded in an iframe and served from a hostname that is different from the parent web application, the default cookies behavior will prevent it from setting any cookies.
If serving Oxygen XML Web Author on a hostname that is different
from the parent web application is unavoidable, you can force cookies to be set with the
SameSite=None attribute and the Secure attribute (while
also deactivating the "X-Frame-Options" header that is set to "SAMESITE" by default) by
setting the force.cookies.samesite.none option to
true.Note: The
SameSite=None cookie attribute can only be set when the
Secure attribute is set, so you will be forced to also serve Oxygen XML Web Author over HTTPS.