Wappler Version : 4.9.1
Operating System : W10
Server Model: NodeJS
I am using a Wappler website as an embeddable widget using iFrame.
When the iframe is launched, I save some values in session using the server side data Server Action.
Then, on the page, various server connects call server actions which use those session values.
This works find in Chromium browsers. But in Safari (macOS & iOS), its does not work most of the time.
I put in some logs to identify that even though I sam saving Session values in the server side SA, they are not being actually stored.
The website where this iFrame is loaded is on a different domain than the widget website.
Please help.
Have you checked Safari’s developer console to see if there are any errors/warning? Indeed, sounds like some safety measures that could be solved with certain headers
Nothing in console. The issue is on the server side data SA - which is called before the page is loaded, so don’t think client side will be helpful here.
I did find something about a P3P header… but no idea how/where to set it up.
Could this be a matter of Safari not persisting cookies? This can be verified on the network tab, if the cookies header is always sent after the initial set or not
I believe the developer tool would show the requests for whatever’s loaded inside the iframe, yes. I’m referring to the network tab where you can see the API calls
Unfortunately, I don’t have experience with that sort of situation, but it would be useful to verify if that’s indeed the case about the cookies
Hi @sid,
If you have set samesite=none and the problem still persists, this may be difficult to fix. Because safari discards the cookie and session information used in the iframe.
If you have the opportunity, maybe you can find something by testing it with old versions of safari. good luck
samesite is a property of a cookie, so you modify that on your security provider in Globals.
I had what I think is a similar issue that only showed up on iOS. When returning to a previously opened browser window, the user would not be logged in when the window was automatically refreshed, but on subsequent requests, everything would be fine. It came down to the samesite setting which was preventing sending of previously stored cookies on requests that were not triggered by user action (like the refresh).
My problem does not involve security provider unfortunately. I am just setting a server side session on server side data server action, and then use it in other server connect - API calls.
Any option to set this cookie behviour elsewhere?
@patrick Seeing same issue with Chromium browsers now. So the widget is unusable at the moment and has broke for production users.
Please help!
All I could find on StackOverflow around this is that I need to set cookie to be secure & httpOnly & sameSite none.
From what I can see in the lib/setup/config.js file, its already set like that.
What am I missing?
