Product: TIBCO Spotfire®
MOD Visualizations are rendered blank with the following message "Third-party cookies must be enabled in your browser to use this visualization".
The MOD visualization is rendered as a blank DOM element on the Web Player in Chrome latest upgrades. This behaviour shall also be seen in other browsers going forward even though at present it might be rendering as expected ( As the browsers slowly introduce this change).
The following message displayed on the MOD element "Third-party cookies must be enabled in your browser to use this visualization".
This is because starting from Chrome version 80 the cookies will be withheld on cross-site requests (such as calls to load images or frames) by default. Mods visualizations are rendered in a sandboxed iframe which will no longer send cookies in HTTP requests to load the resources because the cookies will be treated as SameSite=Lax
by default which means that any resource referenced from inside the MOD will fail to load breaking the visualization as the cookies will be withheld on cross-site requests.
There can be references made to the third party Libraries/resources in the MODS code and thus brings in the scenario of cross site cookie blocking. It is a system requirement to have a Spotfire Server configured on HTTP[S] so that the SameSite cookie attribute can be set to None and Secure in order to send the required cookies and load the MOD visualizations successfully.
SameSite Cookie Attribute
Spotfire Web Player System Requirements (Spotfire visualization mods)
https://docs.tibco.com/pub/spotfire/general/sr/sr/topics/tibco_spotfire_web_player.html
Note that this requirement is due to the security implementations in the recent Chrome upgrades and many other browsers are soon to follow the same. Changes to SameSite Cookie Behavior – A Call to Action for Web Developers
https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/
SameSite Updates
https://www.chromium.org/updates/same-site
Comments
0 comments
Article is closed for comments.