Edit online

Cross-Domain Cookies

Cookies are one of the methods available for adding a persistent state to websites and they are essential for running Oxygen XML Web Author.

In an effort to enforce more privacy-preserving defaults, modern browsers have changed the default behavior of cookies. They will no longer be set for cross-domain requests by default.

Cross-Domain Cookies and Oxygen XML Web Author

When Oxygen XML Web Author is embedded in an iframe and served from a hostname that is different from the parent web application, the default cookies behavior will prevent it from setting any cookies.

If serving Oxygen XML Web Author on a hostname that is different from the parent web application is a unavoidable, you can force cookies to be set with the SameSite=None attribute and the Secure attribute. To do so, you can set the force.cookies.samesite.none option to true.
Note: The SameSite=None cookie attribute can only be set when the Secure attribute is set, so you will be forced to also serve Oxygen XML Web Author over HTTPS.