Hello!
We are trying to let our Mendix application users sign their documents in our application by showing the SignURL in an Iframe in our application. Unfortunately on Iphones this does not work as we get the message that our browser does not accept cookies (browser settings are set to accept cookies).
By googling I found the following as a potentiel source of the issue:
"Most browsers have additional security to ensure that iframes are only allowed when they are from the same domain as the main page. The defaults for these vary by browser version. This security is controlled through SameSite cookies. " Source: Environment Details | Mendix Documentation
and
“The [SameSite] property can be included in all cookies that are returned by the embedded HTTP server. The possible values are Strict, Lax, and None. The default is Strict. Setting it to None is typically needed only when an application is embedded in an iframe of another application with a different domain. Newer browsers may require the connection to be secure (HTTPS) when set to None. If the connection is plain HTTP, then this setting must be changed to Strict (recommended) or Lax.” Source: Runtime Customization | Mendix Documentation
It seems to me that when you want to show a URL with a different domain in your application in an Iframe, the application of the URL needs to have the SameSite property of cookies to “None”. On chrome desktop it does work btw, so the Iphone just seems more strict.
Now I cannot imagine I am the first person trying to let users sign their documents in an iframe, so I was wondering if you can explain how I can get this to work, or if there is anything needed to be configured at the signicat side to get this to work. Or if what we are trying to accomplish is something we should and therefor can not do because of security concerns of course.
Thank you for your time!
Greetings,