[NEV-327] ARender Previewer should set Cookie compatible with the iframe integration - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 10.3.0
Fix Version/s: 10.3.1
Component/s: Nuxeo Connector

Tags:
- nxplatform
Browser:
- Chrome
Team:
PLATFORM
Sprint:
nxplatform #18
Story Points:
1

Description

While deploying the 10.3.0 to Openshift, we've noticed that the authentication part wasn't working correctly, we ended on an Invalid Credentials error when browsing back to the previewer after the OAuth2 challenge.

This was due to a blocked cookie by the browser because the Set-Cookie header from the previewer response does declare Same-Site: Lax and doesn't declare Secure.
As ARender Previewer is integrated into an iframe inside Nuxeo, the header should declare Same-Site=none; Secure to be accepted by a modern browser.

Attachments

Issue Links

is related to

NEV-41 Rework ARender Previewer authentication

Resolved

Is referenced in

PR for 10.3: #185

PR for 10: #209

PR for 10: #246

Activity

People

Assignee:

Kevin Leturc

Reporter:

Kevin Leturc

Participants:

Jenkins, Kevin Leturc

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2020-09-29 09:56

Updated:

2021-08-17 12:59

Resolved:

2020-09-29 12:55

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: