SameSite="None" and Secure works in Chrome but not in an embedded iframe

I deployed my site on an HTTPS server and opened the website in Chrome. Everything was working. I use Next.js, Passport.js, passport-auth0, and Express.js to handle authentication. I also use the classic login experience. I have set sameSite="none" and secure=true in my Express.js server.

I then embedded the website in an iframe. The website shows up correctly. I go to /login and everything works, but when login is successful and /callback gets called, it goes into an infinite loop and gives me the "too many redirects" error. I know this has to be an issue with the callback not being able to accurately read the cookies or that the cookies were just ignored by Chrome.

Note: Everything works fine in Firefox.

I am trying to build my website so it can be embedded in other websites, but this is becoming a blocker for me.

1 Like

Any updates here? I just bought the custom domain to make sure the cookies are coming from the same domain, but I am running into the same issue with the infinite loop.

1 Like
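As an added example (not part of the posts above, and not code from Auth0, Passport or Express): a small Node.js check that takes the raw `Set-Cookie` header values a server actually returns and reports which cookies fail Chrome's SameSite rules for a cross-site iframe. The function names and the sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers for use inside a cross-site iframe.
// parseSetCookie, auditSetCookie and sampleHeaders are hypothetical names;
// the header strings are constructed samples, not captured traffic.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    const key = k.trim().toLowerCase();
    if (key === 'secure') cookie.secure = true;
    if (key === 'samesite') cookie.sameSite = v.trim().toLowerCase();
  }
  return cookie;
}

function auditSetCookie(header) {
  const c = parseSetCookie(header);
  const issues = [];
  if (c.sameSite === null) {
    // Chrome defaults a missing SameSite attribute to Lax.
    issues.push('no SameSite attribute: treated as Lax, withheld in a cross-site iframe');
  } else if (c.sameSite !== 'none') {
    issues.push(`SameSite=${c.sameSite}: withheld in a cross-site iframe`);
  } else if (!c.secure) {
    issues.push('SameSite=None without Secure: Chrome rejects the cookie');
  }
  // Browser-level third-party cookie blocking is a separate control, not modelled here.
  return { name: c.name, passesSameSiteRules: issues.length === 0, issues };
}

const sampleHeaders = [
  'session=abc; Path=/; HttpOnly; Secure; SameSite=None', // passes
  'state=xyz; Path=/; HttpOnly; SameSite=None',           // Secure missing
  'csrf=123; Path=/; HttpOnly; Secure',                   // SameSite missing
];

function auditAll(headers) {
  return headers.map(auditSetCookie);
}

for (const result of auditAll(sampleHeaders)) console.log(result);
```

Run it against the `Set-Cookie` values shown in the browser's network panel for the login and `/callback` responses, so the check covers every cookie the server emits rather than only the one configured by hand.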