Same site none and secure still doesn't work in case of using an iframe inside the app from a different domain #55

Open
Gautami56 opened this issue Aug 29, 2024 · 2 comments

Comments

@Gautami56

There is an application A (abc.com) that has an iframe with content from application B (xyu.com), showing the xyz test page in application A's iframe.

On the xyz (i.e. server) end, the samesite=none and secure changes are done; however, the cookies that had the session id were not being passed when we called from the iframe.

Then I figured out that third-party cookies in Google Chrome were being blocked, and when I manually allowed third-party cookies in settings, it started to work and the cookies were being passed.

Not sure why, even after making the samesite changes at the server end (i.e. xyz.com), it's still blocking third-party cookies.

Can someone help here please?

@sdhull

sdhull commented Nov 8, 2024

@Gautami56 have you figured this out yet? I'm a bit stumped too. Everything seems to indicate that 3rd-party cookies should at least be sent from an iframe as long as they're `Secure; SameSite=none`, but that doesn't seem to happen if the Chrome "Block third-party cookies" option is set.

It would be nice if the maintainers could confirm or deny that this is working/not working as described though /cc @rowan-m

@rowan-m
Collaborator

rowan-m commented Nov 9, 2024

When the user chooses to actively block third-party cookies then that will include blocking these cookies.

However, when a user is choosing to restrict third-party cookies, then you could consider adding the Partitioned attribute.

See:
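Added example (not part of the thread or of any participant's comment): a small audit of a `Set-Cookie` header for the cross-site iframe case discussed above, checking the `SameSite=None`, `Secure` and `Partitioned` attributes. The function names, finding strings and sample headers are assumptions made for this sketch.

```javascript
// Added example: auditSetCookie, buildIframeSessionCookie and the finding
// strings are hypothetical names; the sample headers are constructed.

// Split one Set-Cookie header value into its name, value and attributes.
function parseSetCookie(header) {
  const [pair = "", ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? "" : pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of rest.filter(Boolean)) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Return the reasons a cookie may not reach the server from a cross-site iframe.
function auditSetCookie(header) {
  const { attrs } = parseSetCookie(header);
  const sameSite = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "";
  const findings = [];
  // Without SameSite=None the cookie is not sent on cross-site subresource requests.
  if (sameSite !== "none") findings.push("samesite-not-none");
  if (!attrs.secure) {
    // Browsers reject SameSite=None and Partitioned cookies that lack Secure.
    if (sameSite === "none") findings.push("samesite-none-requires-secure");
    if (attrs.partitioned) findings.push("partitioned-requires-secure");
  }
  // Per the maintainer's reply: consider Partitioned when third-party cookies are restricted.
  if (!attrs.partitioned) findings.push("not-partitioned");
  return findings;
}

// Build a session cookie header carrying all three attributes.
function buildIframeSessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=None; Partitioned`;
}

// Constructed sample headers, from a default cookie to the configuration in the issue.
const samples = [
  "sid=abc123; Path=/; HttpOnly",
  "sid=abc123; Path=/; HttpOnly; SameSite=None",
  "sid=abc123; Path=/; HttpOnly; SameSite=None; Secure",
  buildIframeSessionCookie("sid", "abc123"),
];
for (const h of samples) console.log(h, "->", auditSetCookie(h).join(", ") || "ok");
```

The third sample matches the configuration described in the issue and is flagged only for the missing `Partitioned` attribute.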
