Edit online

Cross-Domain Cookies

Cookies are one of the methods available for adding a persistent state to websites and they are essential for running Oxygen XML Web Author.

In an effort to enforce more privacy-preserving defaults, modern browsers have changed the default behavior of cookies. They will no longer be set for cross-domain requests by default.

Cross-Domain Cookies and Oxygen XML Web Author

When Oxygen XML Web Author is embedded in an iframe and served from a hostname that is different from the parent web application, the default cookies behavior will prevent it from setting any cookies.

If serving Oxygen XML Web Author on a hostname that is different from the parent web application is unavoidable, you can force cookies to be set with the SameSite=None attribute and the Secure attribute (while also deactivating the "X-Frame-Options" header that is set to "SAMESITE" by default) by setting the force.cookies.samesite.none option to true.
Note:
The SameSite=None cookie attribute can only be set when the Secure attribute is set, so you will be forced to also serve Oxygen XML Web Author over HTTPS.