
If your instance of Flow is going to be embedded inside an iframe, some custom configuration is required. Without it, you won't be able to log in inside the iframe.

Requires Flow build 16.11.4.1 or greater.

Configuration Changes

In the configuration folder of your Flow instance, make the following changes:

C:\inetpub\wwwroot\chameleon\Configurations

  1. With the file named session.settings.config

    1. Create a backup of the file

    2. Edit the file

    3. Replace its contents with the contents from the file session.settings.iframe.config

  2. With the file named httpcookies.settings.config

    1. Create a backup of the file

    2. Edit the file

    3. Replace its contents with the contents from the file httpcookies.settings.iframe.config

  3. You may need to delete the cookies that your browser is caching to allow the new changes to take effect. The steps for deleting cookies will vary depending on what browser you use.


Clear Your Cookies

If you still cannot log in after making these changes, you likely need to clear your cookies. The steps for deleting cookies will vary depending on what browser you use.

Notes

The web.config file references the modified configuration files.


Safari - Permission Required

Safari blocks all third-party cookies by default. To get access to cookies, which we need even to log in, we have to use the Storage Access API to request access. This is only possible after the user has at least clicked on the site while it is not framed, so that a cookie is created there.

WebKit describes the requirement here: https://webkit.org/blog/11545/updates-to-the-storage-access-api/

Storage Access API documentation

https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API
https://developer.mozilla.org/en-US/docs/Web/API/Document/hasStorageAccess
https://privacycg.github.io/storage-access/

More references

https://blog.certa.dev/third-party-cookie-restrictions-for-iframes-in-safari
https://stackoverflow.com/questions/59723056/safari-13-iframe-blocks-cors-cookies

-- This means that, in effect, the existing cookie must also be set on the exact same subdomain.
https://stackoverflow.com/questions/61019608/cannot-set-cookie-in-iframe-using-the-storage-access-api-on-safari

Safari Login Process

With version 16.12.5.4 there is a possible Safari login process that will look something like this:

The user will try to log in but will encounter an error, at which point a new Enable Sign In… button will appear.

The user needs to click the Enable Sign In… button, which opens a pop-up page from the site where the user is prompted to enable the use of cookies.


When the user clicks the Enable Login button, the page returns a message telling them they can now close this window and return to the previous site.


When they return to the original site, they should refresh the page and try to log in again. Then they will be prompted to allow cookies.


After they click Allow, they need to:

  • refresh the site again

  • try to log in again

at which point they should be able to log in successfully.

Future logins won’t prompt them to redo this for some time. I believe Safari requires the user to have direct access to the original site every 30 days. (This is what the popup “My Authorization” page does for them.)
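The Safari login process above maps onto two Storage Access API calls, `document.hasStorageAccess()` and `document.requestStorageAccess()`. The following is an added example, not Flow's own code, showing how a framed login page can decide its next step. The step names, `nextLoginStep`, `fakeDocument` and `walkSafariFlow` are hypothetical, and the stand-in document is constructed so the flow can run outside a browser.

```javascript
// Added example, not Flow's code. Step names and helpers are hypothetical.
// Decides what the framed login page should do next, following the Safari
// login process described above. In a browser, pass the real `document`.
async function nextLoginStep(doc, userGesture) {
  // No Storage Access API available: nothing to request, log in normally.
  if (typeof doc.hasStorageAccess !== "function") return "proceed";
  // Cookie access is already available to this frame: log in normally.
  if (await doc.hasStorageAccess()) return "proceed";
  // requestStorageAccess() is only honoured inside a click/tap handler.
  if (!userGesture) return "wait-for-click";
  try {
    await doc.requestStorageAccess(); // Safari shows its allow prompt here
    return "refresh-then-login";      // granted: refresh, then log in again
  } catch {
    // Denied, or the user has not yet used the site outside the frame:
    // offer the button that opens the site's own page in a pop-up window.
    return "show-enable-sign-in";
  }
}

// Constructed stand-in for `document` so the flow can run outside a browser.
function fakeDocument({ hasAccess, grantOnRequest }) {
  let access = hasAccess;
  return {
    hasStorageAccess: async () => access,
    requestStorageAccess: async () => {
      if (!grantOnRequest) throw new Error("NotAllowedError (constructed)");
      access = true;
    },
  };
}

// Walk the page's sequence: failed first attempt, pop-up visit, retry.
async function walkSafariFlow() {
  const steps = [];
  const firstVisit = fakeDocument({ hasAccess: false, grantOnRequest: false });
  steps.push(await nextLoginStep(firstVisit, true)); // error, button appears
  const afterPopup = fakeDocument({ hasAccess: false, grantOnRequest: true });
  steps.push(await nextLoginStep(afterPopup, true)); // prompt, user allows
  steps.push(await nextLoginStep(afterPopup, true)); // after the refresh
  return steps;
}
```

In the framed page, call `nextLoginStep(document, true)` from the login button's click handler so the request is tied to a user gesture.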
