Allow execution in third party contexts

[nilols]

We want to use RUM in our plugin, the plugin is loaded into an iframe of another company's application, but the recent samesite attribute change, which I understand is needed, prevents us from using RUM, due to that the cookie test fails when samesite=strict

I found this page that talks about the samesite attribute and third party contexts. And as a workaround I created my own RUM sdk version, were I instead of samesite=strict use samesite=none; secure and that works fine, but it would be better if this was supported out of the box.

[bcaudan]

Hi @nilols,

In order to better understand your issue:

• How does this prevent you to use RUM? Is there a browser error?

• Is your plugin iFrame has a src attribute?

Thanks

[nilols]

How does this prevent you to use RUM? Is there a browser error?

The checkCookiesAuthorized test fails and Cookies are not authorized, we will not send any data. is printed in the console log

Is your plugin iFrame has a src attribute?

Yes, and with another domain name then the page currently visited

The changes I did to get it to work was this

[nilols]

Maybe this https://blog.chromium.org/2019/10/developers-get-ready-for-new.html explain the issue with samesite=strict, for third party context, better then I do

[bcaudan]

OK, I did not realize that execution in an iFrame was considered as a third party context.

We could probably allow this behavior through a dedicated configuration parameter, we'll discuss it internally.

[bcaudan]

This is available in 1.19.0 with useCrossSiteSessionCookie: true init configuration.
Let us know if there is any trouble.

[gevalter]

Hey, I have this issue too with the same use case - my company iframes are in other sites and im getting:
"...Cookies are not authorized, we will not send any data." from checkCookiesAuthorized ... my datadog init is:

datadogRum.init({ applicationId: 'xxxxxxxxxxxx', clientToken: 'xxxxxxxxxxxxx', site: 'datadoghq.com', env: xxxxx, service: 'xxx', version: '1.0.0', useCrossSiteSessionCookie: true, trackSessionAcrossSubdomains: true, sampleRate: 100, trackInteractions: true });
tried with version 1.19.0 - 1.21.0 without any success...
I don't have any control over the original sites containing our iframes, is there any solution for this?

[bcaudan]

Hi @gevalter,

There is indeed still an issue with this but a fix should be released today, cf #555

[BenoitZugmeyer]

The fix has been release as part of v1.24.0.

[gevalter]

tried to upgrade to 1.24.0 but still the same cookies warning and no data on the datadog website... Is this ability of iframe tracking is compatible with the datadogRUM SDK?

[BenoitZugmeyer]

@gevalter: By using using useCrossSiteSessionCookie, you have to use HTTPS websites. Is the top-level website and iframed website in HTTP or HTTPS?

[gevalter]

oh you right, changed to https and all works, thanks!

[faizan-ali]

Still seeing this issue:
Cookies are not authorized, we will not send any data

I have RUM running inside an iframe, seems like this should work as per #555

EDIT: Ah duh cross origin issues b/w localhost and my iframed app - this is only an issue in local dev.