Tyger Guzman 2 Posted March 16, 2020 Share Posted March 16, 2020 I've used thehttps://community.spotfire.com/wiki/tibco-spotfire-javascript-api-overviewto view Spotfire reports in html/aspx pages. Today after clearing all cache and cookies / browsing historyall my pages stopped loaded getting an error of : A cookie associated with a cross-site resource at https://server.com/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032. And Spotfires onReadyCallback funcitonreturning : Status not OK. ERROR: Third party cookies must be allowed for domain 'https://server.com'. I've triedBlock third-party cookies settings on Chrome toggling the settings , adding sites to the ALLOW section with no luck. Looking at Chrome Release notes there was changes after version 80 that are suppose to block SameSite/CrossSite cookeis that don't have the SAMESITE attribute. I'm at a loss on how to update the HTML/ASPX/Javascript below to accomidate that. I've been running the version80.0.3987.132 of chrome for a while now and didn't have any trouble till today when doing a full browswer history clear. Does anyone have any suggestions Spotfire Template /*Style the Divs that will hold the Spotfire Pages */ #Element1 { padding: 0; margin: 0 auto; width: 100%; height: 1090px; } #Element2 { padding: 0; margin: 0 auto; width: 100%; height: 1090px; } //Specify Parameters var app; var doc; var webPlayerServerRootUrl = "https://server.com/spotfire/wp/"; var analysisPath = "/Folder/Analysis"; var parameters = ''; var reloadInstances = false; var apiVersion = "7.14"; var customizationInfo = { showAbout: false, showAnalysisInformationTool: false, showAuthor: false, showClose: false, showCustomizableHeader: false, showDodPanel: false, showExportFile: false, showExportVisualization: false, showFilterPanel: false, showHelp: false, showLogout: false, showPageNavigation: false, showReloadAnalysis: false, showStatusBar: false, showToolBar: false, showUndoRedo: false }; //Declare more variables to add additonal Spotfire Pages var view0; var view1; spotfire.webPlayer.createApplication(webPlayerServerRootUrl, customizationInfo, analysisPath, parameters, reloadInstances, apiVersion, onReadyCallback, onCreateLoginElement); function onReadyCallback(response, newApp) { app = newApp; if (response.status === "OK") { // The application is ready, meaning that the api is loaded and that the analysis path is validated for the current session (anonymous or logged in user) console.log("OK received. Opening document to page 0 in element renderAnalysis") //Add Items here for more pages , You can use Integers for Page Index or Title of Pages {First Element is the DIV ID and second is the PageName/PageIndex} view0 = app.openDocument("Element1", 0); view1 = app.openDocument("Element2", 1); } else { console.log("Status not OK. " + response.status + ": " + response.message) } } function onError(error) { console.log("Error: " + error); } function onCreateLoginElement() { console.log("Creating the login element"); // Optionally create and return a div to host the login button return null; } Link to comment Share on other sites More sharing options...
Jens Borgland Posted March 16, 2020 Share Posted March 16, 2020 This is due to a change in the behavior of the Chrome browser (and other browsers are likely to follow). For more information, and instructions on how to resolve it depending on your use case, see this Support article:https://support.tibco.com/s/article/Tibco-Spotfire-JavaScript-Mashup-API-stops-working-in-Chrome-due-to-SameSite-problem Link to comment Share on other sites More sharing options...
Tyger Guzman 2 Posted March 16, 2020 Author Share Posted March 16, 2020 I'm not entirely understanding the instructions on the resolution Could you elaborate on what needs to be checked/updated Link to comment Share on other sites More sharing options...
Jens Borgland Posted March 16, 2020 Share Posted March 16, 2020 I assume that your mashup and the Spotfire Server are not hosted under the same domain (like mashup.example.com and server.example.com) If they had been then you probably wouldn't have had any problems since it appears that you're using https. This means that you will have to disable SameSite cookies on your Spotfire Server according to the instructions here. Note that a prerequisite is to be on LTS 7.11.9, LTS 10.3.6, 10.8.0, or later mainstream versions since a recent Tomcat version is needed (and that is included with the mentioned Spotfire Server versions). Link to comment Share on other sites More sharing options...
Tyger Guzman 2 Posted March 16, 2020 Author Share Posted March 16, 2020 Thank you for the information. I'm on LTS 10.3.1 does this mean there is no fix Link to comment Share on other sites More sharing options...
Jens Borgland Posted March 18, 2020 Share Posted March 18, 2020 There is a fix - but the first step would be to upgrade to10.3.6 or later. Note that a security advisory was recently announced so you should upgrade to 10.3.7 or later anyway. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now