How to fix SameSite attribute in WordPress for Chrome errors?

I have several WordPress sites that run on a RHEL 7 box that I admin. All of the sites use a custom SSO plugin that I wrote.

Today I was told that other sites were having issues accessing one of our sites. So site x.com has our site (y.com) iframed on one of its pages and gets stuck in a loop and gets the following browser error below.

I did set the PHP (7.3) session variable for SameSite to Secure, and I can get to random webpages on the server but no pages that require a WP login (which again is passed through our SSO). So how do I check the specific SameSite settings on a WP site, how do I change them, and is there a best practice for this setting?

Also, it would be great if someone could explain to me why Chrome is stopping an iframe from loading. Site y.com is in no way trying to pass info on to x.com. We are just trying to play a video from the site. This seems completely insane that this would be stopped by a browser. We did check and it plays in IE, and users can also go directly to the link and play it. I am the admin for the sites and server (not cloud hosted), so I can make any changes needed.

A cookie associated with a cross-site resource at
https://xxxxxxxxxxxxxxxxx.com/ was set without the SameSite
attribute. It has been blocked, as Chrome now only delivers cookies
with cross-site requests if they are set with SameSite=None and
Secure. You can review cookies in developer tools under
Application>Storage>Cookies and see more details at
https://www.chromestatus.com/feature/5088147346030592 and
https://www.chromestatus.com/feature/5633521622188032.

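The rule in the Chrome message above, applied to response headers, as an added example that is not part of the original post: it classifies each Set-Cookie header by whether Chrome would attach that cookie to a request made from a cross-site iframe. The header strings and the `sso_session` cookie name are constructed for illustration.

```python
# Added example. SAMPLE_HEADERS are constructed strings, not captured traffic;
# "sso_session" is a hypothetical cookie name.
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; path=/; HttpOnly",
    "sso_session=abc123; Path=/; Secure; HttpOnly; SameSite=None",
    "sso_session=abc123; Path=/; HttpOnly; SameSite=None",
    "sso_session=abc123; Path=/; Secure; SameSite=Secure",
    "prefs=dark; Path=/; Secure; SameSite=Lax",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def iframe_verdict(header):
    """Classify a cookie for requests made from a cross-site iframe."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite")
    if samesite is None:
        return name, "withheld: no SameSite attribute, defaults to Lax"
    value = samesite.lower()
    if value == "none":
        if "secure" in attrs:
            return name, "sent: SameSite=None with Secure"
        return name, "rejected: SameSite=None without Secure"
    if value in ("lax", "strict"):
        return name, "withheld: SameSite=" + value.capitalize()
    # Secure is a separate flag, not a SameSite value; unknown values fall back to the default.
    return name, "withheld: unrecognised SameSite value, defaults to Lax"


def audit(headers):
    """Return a verdict for every Set-Cookie header, in order."""
    return [iframe_verdict(h) for h in headers]


if __name__ == "__main__":
    for cookie, verdict in audit(SAMPLE_HEADERS):
        print(cookie, "->", verdict)
```

A cookie marked SameSite=None is attached to every cross-site request, so when auditing, expect that marking only on the cookies the embedded page actually needs.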