Im trying to do full app embedding in a iframe on another domain using SSO.
But after a successful login in the iframe, Im just redirected back to login screen and in console I can see "...metabaseapp.com/api/user/current 401" (Link works fine outside of the iframe)
From the documentation it seems like its related to SameSite cookies
- Optional: when the embedding website is hosted under a domain other than the one your Metabase instance is hosted under, you may need to set the environment variable
MB_SESSION_COOKIE_SAMESITE=None
. Setting the variable toNone
requires you to use HTTPS in Metabase, otherwise browsers will reject the request. Other options for the SameSite variable areLax
(default) orStrict
. Visit MDN to learn more about SameSite cookies.
Im using hosted version of metabase (pro trial version) and I can't see where I can set this value.
Can anyone point me in the right direction?