I have a customer which has been using SuperOffice for almost 2 years now. They intensively use our Service solution and as part of that solution, I have added two web panels in SuperOffice Service which directly load data from their PrestaShop (see screenshot below) and tracking information via B2C. In order for this to work properly, the user needs to logon to PrestaShop and to B2C once in their webbrowser and after that, those credentials are used automatically to load the iFrames in the ticket web panels shown in the screenshot below.
With the latest release of Google Chrome, it appears that the usage of 3rd party cookies (which are used to make the solution described above possible) are no longer accepted by default. Instead, by default, these kind of 3rd party cookies are blocked (more info: https://headerbidding.co/chrome-samesite-cookie-update/).
In short - Chrome has introduced the following change in its latest release (v80), which means:
- Enforce Lax as the default value of the SameSite cookie. That means, if you manually don’t set the value for the SameSite cookies, it will be automatically set to Lax by default. Before, the value of the SameSite cookie was always set to None.
If I inspect the webpage of the ticket, I indeed get an error message which confirms why the web panels are no longer using the cookie information (credentials to access the content directly, in this case) which is similar to the message shown below:
- Is this something that needs to be changed in the cookies of SuperOffice or should our customer contact PrestaShop and B2C to change their cookies to add the SameSite attribute and set it to None & Secure?
If your customer is experiencing the same issue as described above, the current (short-term!) work-around would be:
1) Go to chrome://flags/
2) Use CTRL+F to find the text "SameSite"
3) Change the following two settings to Disabled: SameSite by default cookies & Cookies without SameSite must be secure
Awaiting your response whether this is SuperOffice-related, or if they should contact the other parties (PrestaShop and/or B2C).