SameSite cookie issue

Shashank · December 5, 2022, 5:52pm

Hi Team,

We are building an hybrid app and enabled full app embedding. When we set cookie flag MB_SESSION_SAMESITE_COOKIE to None the JWT login no longer works in browser (Chrome.edge). But if we do not set this flag charts doesn't load on mobile. Please let us know how to resolve this.

We have hosted our metabase on different domain , backend which redirects to metabase also on different domain.

flamber · December 5, 2022, 5:56pm

Hi @Shashank
Please use the support email when using the Pro/Enterprise plans.
Check your browser developer console, which likely tells you exactly what the problem is.
If you cannot make it work, then you can override/remove headers with a reverse-proxy - not recommended, since it circumvents security measures, but can sometimes be need to support some older implementations.

Shashank · December 5, 2022, 6:08pm

This is the error on Mobile. But if I set same site flag of metabase to None it works for Mobile but on browsers it no longer works

flamber · December 5, 2022, 6:33pm

@Shashank Then set it to None and check your browser console when it doesn't work.

Shashank · December 5, 2022, 6:35pm

Same error. Unauthorized.

Shashank · December 5, 2022, 6:36pm

Is full app embedding not supported on IOS?

flamber · December 5, 2022, 6:55pm

@Shashank Please use the support email when using the Pro/Enterprise plans.

Check your browser developer console.

Export a HAR of the requests, so it is possible to see exactly what is going on.