likwid | Posts: 8

Iframe cookie issues

0 votes
Hi there, We are loading our documents in an iframe and are encountering errors with client browsers that have Third-Party Cookies disabled. Here is a sample of the error that is shown in the browser console:
Refused to display 'https://sandbox.e-signlive.ca/login?destination=/packages/ID-REMOVED=/sign' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
Is there anything we can do to get around this issue? This will be a big road block for us if we need to tell every user to manually update their browser settings and turn that setting off.

harishaidary | Posts: 1812

Reply to: Iframe cookie issues

0 votes
Hi likwid, Unfortunately, third-party cookies must be enabled in order for the signing ceremony to load. That's how it currently works. This, however, will no longer be an issue when the new signing ceremony rolls out later this year. What I can suggest is to test if your users have third-party cookies enabled (https://stackoverflow.com/questions/3550790/check-if-third-party-cookies-are-enabled) and display the proper error message if they are disabled.

doxsees | Posts: 1

Reply to: Iframe cookie issues

0 votes
Any update on this issue? Will the new signing ceremony require re-implementing our esign flows or will it be backwards-compatible with the existing sdk? How will we be notified when the new signing ceremony is available? Thanks

fleblanc | Posts: 13

Reply to: Iframe cookie issues

0 votes

There was a solution to this problem that was posted here: https://community.onespan.com/forum/cookie-issues-safari Essentially the key is to navigate to a "loading" page (on the same domain as your OneSpan Sign instance) in order to make the user's browser create the required cookie. The details of this approach can be found in the article referenced above. The next version of the signing ceremony will not be cookie-less (there were discussions earlier in the year that it might be) so it will not solve this issue. However to answer your question, the new signing experience will not require changes in your integration. Signers will automatically see the new signing experience for new transactions unless your account is configured to disallow it. Don't hesitate to post any clarifying questions you might have here.


linehammer | Posts: 1

Reply to: Iframe cookie issues

0 votes

You cannot display a lot of websites inside an iFrame. Reason being that they send an "X-Frame-Options: SAMEORIGIN" response header. This option prevents the browser from displaying iFrames that are not hosted on the same domain as the parent page.

I faced the same error when displaying YouTube links. For example: 

https://www.youtube.com/watch?v=8WkuChVeL0s

I replaced watch?v= with embed/ so the valid link will be: 

https://www.youtube.com/embed/8WkuChVeL0s

It works well.

Try to apply the same rule on your case.

 


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off