nehme

Chrome Beta

0 votes

Hello Duo,

I am getting this error while using the latest Chrome beta.

Refused to display 'https://sandbox.e-signlive.ca/login?destination=%2Fpackages%2Fj1oMqRKTUWPAUkJJyQjFsHigA-0%253D%2Fsign' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Thanks,

Nehme

 


Reply to: Chrome Beta

0 votes

Hi Nehme,

The reason you are seeing it in the latest Chrome version is because:

"Chrome is updating the security settings for cookies to prevent cross-site cookie sharing. Sites which need to share cookies across site will require an explicit SameSite=None setting set to those cookies."

It's documented in the Chrome release notes.

(To note: this behavior change might affect Firefox and Edge later as well.)

Our R&D team has been aware of this change, and has already deployed a fix to the US2 sandbox environment (but only the US2 sandbox for the time being). You can have a quick try with the US2 sandbox, and I will definitely update this thread once the fix is deployed to the CA sandbox.

Duo

Duo Liang OneSpan Evangelism and Partner Integrations Developer


Reply to: Chrome Beta

0 votes

Hi Nehme,

R&D redeployed the fix to the US2 sandbox (https://sandbox.esignlive.com). Could you kindly give it a try and let me know if the cookie issue has been solved?

Duo

Duo Liang OneSpan Evangelism and Partner Integrations Developer


Reply to:

0 votes

Hello Duo,

Confirmed it is working now in US2 Site.

The fix for sandbox will not solve the issue we will have in our production once Chrome rolls out their changes regarding cookies. Our system and client depend on the proper working of esign, hence we will need the fix in production early next week so that we don't face any disruption in providing services to our clients.

Please let me know if the fix that went to sandbox US will also go to production environment in Canada.

Thanks,

Nehme


Reply to: Chrome Beta

0 votes

Hi Nehme,

I've been told that there's a plan to deploy the fix to the production environment next Monday (Feb 17th). I will double-check with the R&D team if you are still seeing the issue at the end of next Monday.

Duo

Duo Liang OneSpan Evangelism and Partner Integrations Developer


Reply to: Chrome Beta

0 votes

Hi Nehme,

I have been informed of the schedule for the "Chrome 80 cookie policy change" fix; the deployments start this afternoon.

For Canada Sandbox, it should have been deployed already last Friday.

For Canada Production, the fix will be applied tomorrow morning. (Tuesday, 15th Feb)

Duo

Duo Liang OneSpan Evangelism and Partner Integrations Developer


Reply to: Chrome Beta

0 votes

Is or will this fix be available for those running OneSpan on prem? We run OneSpan on prem and we are in the process of trying to integrate the designer using an iframe and came across this issue. If it is available can you let me know what version? We are currently developing against an older version but we just spun up a new server with 7.2. but I suspect we may need a more recent version.

Thanks,

Tricia


Reply to: Chrome Beta

0 votes

Hi Tricia,

First I want to confirm with you: is the error caused by the Chrome updates or by a general third-party cookie issue? You can run a quick test from the perspectives below:

(1) Can you check in the cookie settings of your browser whether you've enabled third-party cookies?

(2) If you have a SaaS account, for example a US2 sandbox account, can you try the same flow to see if you hit the same error message? This is to check whether the fix in the cloud environments could solve your issue.

Duo

Duo Liang OneSpan Evangelism and Partner Integrations Developer


Reply to: Chrome Beta

0 votes

Good Morning Duo,

Just to confirm when I try to access the designer in an iframe it does not load and within developer tools I see the following error:  

Refused to display 'https://servername/a/login?destination=/a/transaction/NLSGgqHCjJKL09UqKDE5-BJCk2Y=/designer' in a frame because it set 'X-Frame-Options' to 'sameorigin'. 

I am running the latest version of Chrome (84.0.4147.89). 

I did a couple of things to confirm it appears to be the same issue.  

1) Within Chrome settings, under cookies and other site data I did change my option to 'Allow all Cookies' and that did not fix the behavior.

2) As you also recommended, I pointed our environment to the sandbox which is running 11.35 (https://sandbox.esignlive.com/). I did this using the same settings that did not work against our On Prem version and I was able to load the designer in an iframe.

3) We also pointed our dev environment against our newest OneSpan Stage environment (remember we are running On Prem) which is 7.2. and I am still seeing the issue where I cannot load the designer.

4) After reading many articles about this Chrome change, I also went into my Chrome flags (chrome://flags/) and searched for a flag called 'SameSite by default Cookies'. Mine was set to Default. I changed it to Enable and I continued to see the behavior where the iframe would not load. When I changed it to disable then the iframe did load. I think this confirms that this setting is causing the issue.

Here is a good reference for the Chrome SameSite changes they just started gradually rolling out on July 14: https://www.chromium.org/updates/same-site

So now the question is how do we get the fix that was implemented in your SaaS in our On Prem version? Correct me if I am wrong but I believe this is the fix for the issue, which I found in your published release notes.

  • PB-40750: Removed a cookies warning that needlessly appeared when the Designer page was integrated in an iFrame on Chrome 80.

I greatly appreciate your help on this matter.

Thanks,

Tricia
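
Added example (not part of any post above, and not OneSpan's code): a small JavaScript model of the Chrome 80 cookie rules quoted in this thread, showing which Set-Cookie headers a browser will still attach to requests made from a cross-site iframe. The cookie name SESSION and the header values are constructed, and the single sameSiteByDefault option stands in for the 'SameSite by default cookies' flag toggled in the last post.

```javascript
// Added example: models Chrome 80+ SameSite handling for requests made from a
// cross-site iframe. Cookie name and header values are constructed samples.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq === -1 ? pair : pair.slice(0, eq), sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim().toLowerCase());
    if (key === 'secure') cookie.secure = true;
    // Unrecognised SameSite values are treated like a missing attribute.
    if (key === 'samesite') cookie.sameSite = ['strict', 'lax', 'none'].includes(value) ? value : null;
  }
  return cookie;
}

// sameSiteByDefault = true models the new default; false models the legacy
// behaviour (flag disabled), where a missing attribute means SameSite=None
// and the Secure requirement for SameSite=None is not enforced.
function crossSiteFrameVerdict(header, { sameSiteByDefault = true } = {}) {
  const c = parseSetCookie(header);
  const effective = c.sameSite || (sameSiteByDefault ? 'lax' : 'none');
  if (effective !== 'none') {
    const why = c.sameSite ? `SameSite=${effective}` : 'no SameSite attribute, defaults to Lax';
    return { name: c.name, sent: false, reason: `${why}; withheld in cross-site frames` };
  }
  if (sameSiteByDefault && !c.secure) {
    return { name: c.name, sent: false, reason: 'SameSite=None without Secure is rejected' };
  }
  return { name: c.name, sent: true, reason: 'sent in cross-site frames' };
}

const sampleHeaders = [
  'SESSION=abc123; Path=/; HttpOnly',                        // legacy style
  'SESSION=abc123; Path=/; HttpOnly; SameSite=None',         // missing Secure
  'SESSION=abc123; Path=/; HttpOnly; Secure; SameSite=None', // embeddable
];

for (const header of sampleHeaders) {
  const v = crossSiteFrameVerdict(header);
  console.log(`${v.sent ? 'SENT   ' : 'BLOCKED'} ${header}\n        -> ${v.reason}`);
}
```

Running the first sample with `{ sameSiteByDefault: false }` flips it to sent, which matches the flag experiment described in step 4 of the last post.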

 

