Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Allow execution in third party contexts

See original GitHub issue

We want to use RUM in our plugin, the plugin is loaded into an iframe of another company’s application, but the recent samesite attribute change, which I understand is needed, prevents us from using RUM, due to that the cookie test fails when samesite=strict

I found this page that talks about the samesite attribute and third party contexts. And as a workaround I created my own RUM sdk version, were I instead of samesite=strict use samesite=none; secure and that works fine, but it would be better if this was supported out of the box.


Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:6
  • Comments:12 (2 by maintainers)

github_iconTop GitHub Comments

bcaudancommented, Sep 9, 2020

This is available in 1.19.0 with useCrossSiteSessionCookie: true init configuration. Let us know if there is any trouble.

nilolscommented, Aug 24, 2020

How does this prevent you to use RUM? Is there a browser error?

The checkCookiesAuthorized test fails and Cookies are not authorized, we will not send any data. is printed in the console log

Is your plugin iFrame has a src attribute?

Yes, and with another domain name then the page currently visited

The changes I did to get it to work was this image

Read more comments on GitHub >

github_iconTop Results From Across the Web

Android: arbitrary code execution via third-party package ...
At the moment the module is loaded, code from it is executed in the context of the main app – leading to arbitrary...
Read more >
Cisco Security Appliance Command Line Configuration Guide ...
This chapter describes how to use security contexts and enable multiple context mode. This chapter includes the following sections:.
Read more >
To Tame Third-party Script Execution With Task Capabilities
One the one hand, non-risky tasks that execute from code in the main context without involving risky code are always allowed by the...
Read more >
Storage Access API - MDN Web Docs - Mozilla
The API provides methods that allow embedded resources to check whether they currently have access to their first-party storage, ...
Read more >
Understanding Execution Context and Execution Stack in ...
Your tip will go to Sukhjinder Arora through a third-party platform of their choice, letting them know you appreciate their story. Give a...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found