Same Site by Default Cookie - Workaround by Browsers

book

Article ID: 206489

calendar_today

Updated On:

Products

Clarity PPM On Premise Clarity PPM SaaS

Issue/Introduction

January 2021

Those customers leveraging the embedded iframe app  like Clarity Timesheet within Rally or  Configure Links to External Content With Channels using Google Chrome, we wanted to notify you of a change that will affect this integration.

Google Chrome 80 changes the default behavior of cookies in cross-domain scenarios. Chrome 80 introduces a new default value for cookie attribute: “SameSite=Lax”. (Previously, the SameSite cookie attribute defaulted to “SameSite=None”.)

 

What Does This Mean?

The Clarity/Rally Timesheet integration or any embedded iframe integration that rely on cookies will no longer work in Google Chrome. This change particularly affects – but is not limited to – custom single sign-on, and integrations using iframes.

Other browser vendors have also made these same updates.

Cause

The change is due to the browser's cookie handling mechanism. Details can be found here 

Environment

All Clarity Versions 

Resolution

What Is Being Done To Resolve?

The Clarity Engineering team is developing an API Key capability to support the embedding of apps.  The team has already done some research into this area, and is targeting support in the 15.9.2 release in May 2021.

Is There A Workaround For The Time Being?

Yes, there are browser configurations that can be adjusted to allow this integration to work until the final solution is ready.

Workaround by Browser

The remainder of this document will cover browser configurations that can be made to allow the Clarity/Rally Timesheet integration to work.

Chrome Browser

  • Open Chrome and paste the below into the URL field – Press Enter:

chrome://flags/#same-site-by-default-cookies

  • From the drop-down list select Disabled – Click Relaunch

The Clarity/Rally Timesheet or any iframe embeded integration should now work.

 

Microsoft Edge (Chromium)

  • Open Edge and paste the below into the URL field – Press Enter:

edge://flags/#same-site-by-default-cookies

  • From the drop-down list select Disabled – Click Restart (Similar to the Chrome screen shot above)

The Clarity/Rally Timesheet or any Iframe embeded integration should now work.

 

Firefox Browser

  • Open Firefox and paste the following into the URL field – Press Enter:

about:config

  • If you see a ‘Proceed with Caution” warning - Click ‘Accept the Risk’ and Continue
  • Paste the below into the ‘Search preference name’ field - :

same-site-by-default-cookies

  • Click the Toggle icon to set to ‘false’:

The Clarity/Rally Timesheet or any iframe embeded integration should now work.

 

Safari Browser

  • Open Safari
  • Go to “Preferences > Privacy
  • Uncheck “Prevent cross-site tracking” option

The Clarity/Rally Timesheet or any iframe embeded integration should now work.

Attachments