I'm actually working on a Phoenix app which I need to render in some websites, embedded in an iframe. I finished coding the logic, but I found that it was only working on Firefox; when using it on Chrome or Opera, it ends up in an infinite loop, reloading while trying to render the content and throwing the following warning:
I was trying to allow this with the extra option like this with no success.
```elixir
@session_options [
  store: :cookie,
  key: "_analytics_key",
  signing_salt: "BM3P8GYS",
  extra: "SameSite=None;",
]
```
Then I found that in the last version of the Endpoint there is a specific option for this cookie called same_site, so I tried it like this, but I got the same results:
```elixir
@session_options [
  store: :cookie,
  key: "_analytics_key",
  signing_salt: "BM3P8GYS",
  same_site: "None",
  # extra: "SameSite=None;",
  secure: true
]
```
Every time it fails to render, I get these logs on my console:
Nothing seemed to work, but I found that removing the connect_info from the websocket on the endpoint automatically solved the issue, just like this:
```elixir
# socket "/live", Phoenix.LiveView.Socket, websocket: [connect_info: [session: @session_options]]
socket "/live", Phoenix.LiveView.Socket, websocket: []
```
But this will affect things like Guardian and, I guess, a few security things, so I was looking for a way to remove this ONLY when trying to render the page in the iframe. I was thinking of a plug to do this, but I don't know if this is possible for this specific part. Maybe someone knows about something I could do here to accomplish what I want? Thanks in advance!
You need to configure CSP headers when embedding in another page/site, and leave connect_info as it is by default.
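
One way to apply the CSP suggestion in the answer above, as an added example that is not from the thread: a plug that sends a `frame-ancestors` allowlist for the embeddable routes while `connect_info` stays in place. The module name, the `:origins` option and `https://partner.example` are assumptions for illustration.

```elixir
defmodule MyAppWeb.Plugs.AllowEmbedding do
  @moduledoc """
  Added example (hypothetical module name). Lets an explicit allowlist of
  HTTPS origins frame the app by sending a CSP `frame-ancestors` directive.
  `frame-ancestors` only takes effect as a response header, not in <meta>.
  """
  @behaviour Plug
  import Plug.Conn

  @impl true
  def init(opts) do
    # :origins is this example's own option, e.g. ["https://partner.example"]
    origins = Keyword.fetch!(opts, :origins)
    Enum.each(origins, &validate_origin!/1)
    "frame-ancestors " <> Enum.join(["'self'" | origins], " ")
  end

  @impl true
  def call(conn, policy) do
    conn
    # X-Frame-Options cannot express an allowlist of third-party sites; if an
    # earlier plug set it to SAMEORIGIN it would still block the embed.
    |> delete_resp_header("x-frame-options")
    # Overwrites any existing CSP header; merge directives if the app has one.
    |> put_resp_header("content-security-policy", policy)
  end

  # Reject anything that is not a bare https origin, so a bad config value
  # cannot widen the policy or inject extra directives.
  defp validate_origin!(origin) do
    uri = URI.parse(origin)

    valid? =
      uri.scheme == "https" and is_binary(uri.host) and
        uri.host =~ ~r/\A[a-z0-9.-]+\z/i and
        is_nil(uri.path) and is_nil(uri.query) and
        is_nil(uri.fragment) and is_nil(uri.userinfo)

    if valid?, do: :ok, else: raise(ArgumentError, "not a bare https origin: #{inspect(origin)}")
  end
end

# router.ex: only the embeddable routes get the relaxed framing policy.
#   pipeline :embeddable do
#     plug :put_secure_browser_headers
#     plug MyAppWeb.Plugs.AllowEmbedding, origins: ["https://partner.example"]
#   end
# endpoint.ex keeps the socket line from the question, connect_info included.
```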