Cookie blocked in Chrome when embed in an iframe

[easychen]

Some users of my website report that login not work when using the code-server embed in an iframe .

This seems to be related to the samesite setting adjusted in the latest version of chrome.

Is it possible to add an optional samesite option to setCookie to support the use of embedded in iframes?

This adjustment only needs to add extra parameters when setcookie, like:

setcookie ('cross-site-cookie', 'name', ['samesite' => 'None', 'secure' => true]);

Thanks.

[kylecarbs]

I think we could do this. cc: @code-asher

[code-asher]

We talked about changing this and decided to leave it at lax to have a better default defense against CSRFs. For anyone with this issue I think we'd recommend making sure all parent and iframe have the same origin.

If the origin isn't the problem let me know the specific setup so we can investigate.