Scenario:
You have a JasperServer deployed and you are trying to display report in our external application using visualize.js which is on different domain. You are facing a cookie blocked issue in Chrome browser. So whenever trying render report, a basic authentication popup will come in and the report loading will be failed. In Mozilla browser, the report will render but with a similar cookie blocked warning.
Chrome Error Message:
This Set-Cookie didn't specify a "SameSite" attribute and was defaulted to "SameSite=Lax," and was blocked because it came from a cross-site response which was not the response to a top-level navigation. The Set-Cookie had to have been set with "SameSite=None" to enable cross-site usage.
Mozilla Warning Message:
Some cookies are misusing the recommended “SameSite“ attribute 4
Cookie “JSESSIONID” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute.
Solution:
Depending on whether JasperServer is accessed over HTTP or HTTPS, the appropriate attribute value will be set for cookies. JasperServer should automatically set the samesite=none;secure if the communication is happening over HTTPS. When dealing with cross-domain requests, running JasperServer on HTTPS is something to consider. See here:
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now