Even though I set samesite=none and secure, I cannot set the cookie on an iFrame, either from the server or in JavaScript.

A number of stack questions talk about Aug 2020 being when Chrome started requiring both of the above settings.

This is fine, but even when I attempt to use JS as below:

document.cookie = "my_cookie4=cookie_value4; secure; samesite=none";

I can't seem to set a cookie in the iframe. I'm using Chrome's Application inspector to see what cookies are being applied with what settings and I'm setting it in JS to bypass servers.

I'm using a locally signed+accepted SSL for https, but I doubt that is the issue. But just in case:

  1. Website is: https://localhost:4000
  2. iFrame is: https://test-domain.partner.lvh.me:3000

If I visit the iFrame's URL directly everything works perfectly as expected. samesite is none, secure is present, etc.

nitsujri
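
A diagnostic for the situation described in the question, added here as an example and not part of the original post: it writes a cookie through `document.cookie`, reads the jar back, and reports whether the attributes or the browser dropped it. The names `parseCookieAttributes` and `probeCookieWrite` are hypothetical; in the iframe's DevTools console, call `probeCookieWrite(window, document, "...")`.

```javascript
// Added example (not from the original post). Both helpers are hypothetical names.
// win/doc are passed in so the same code runs in a browser console
// (window, document) or against a test double.

// Split a document.cookie assignment string into name + the two attributes
// that matter for cross-site frames.
function parseCookieAttributes(cookieString) {
  const [pair, ...attrs] = cookieString.split(";").map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf("="));
  const flags = {};
  for (const attr of attrs) {
    const [key, value = true] = attr.split("=");
    flags[key.toLowerCase()] = typeof value === "string" ? value.toLowerCase() : value;
  }
  return { name, secure: flags.secure === true, sameSite: flags.samesite || null };
}

// Attempt the write, then check whether the cookie is actually in the jar.
function probeCookieWrite(win, doc, cookieString) {
  const { name, secure, sameSite } = parseCookieAttributes(cookieString);
  const framed = win.top !== win.self; // true when running inside an iframe
  doc.cookie = cookieString;
  const stored = doc.cookie
    .split(";")
    .some((c) => c.trim().startsWith(name + "="));

  const findings = [];
  if (sameSite === "none" && !secure) {
    findings.push("SameSite=None without Secure is rejected by the browser");
  }
  if (framed && sameSite !== "none") {
    findings.push("if this frame is cross-site to the top page, SameSite=None is required");
  }
  if (!stored && findings.length === 0) {
    findings.push(
      framed
        ? "attributes are valid but the write was not stored: check whether the browser blocks third-party cookies for this frame"
        : "attributes are valid but the write was not stored"
    );
  }
  return { framed, stored, findings };
}
```

Running it once in the framed page and once with the iframe URL opened directly shows whether the difference is the framing context rather than the cookie string.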

0 Answers