Hi there!
I'm experimenting with hosting webpages that embed ignition in an iframe. I tried doing the same as in Ignition Perspective Tomcat X-Frame Options and got a different message from the browser, that being
Cookie “JSESSIONID” has been rejected because it is foreign and does not have the “Partitioned“ attribute.
Turns out, the Partitioned attribute is going live now which means cookies from Ignition embedded in an iframe will be rejected due to not being explicitly declared as Partitioned. Cookies Having Independent Partitioned State (CHIPS) - Privacy on the web | MDN
I can get around this by using an older browser, or by turning off the feature in Firefox, or by making a proxy that rewrites the header, but long term I'd like to be able to supply this flag from Ignition itself.
I could not find a header option that allowed me to simply add the Partitioned flag like I could with Same-Site, so I'm curious if anyone knows of a way to add this flag, or arbitrary text, to http headers from Ignition for the purpose of accepting embeds?
(side note: anyone know if/when Ignition plans on moving from X-Frame-Options to Content Security Policy with frame-ancestors?)