[SalesForce] sameSite attribute issue with iFrame page while using chrome browser

I am opening our external application pages in an iFrame in different VF pages. I was able to access these pages without any issues until latest Google chrome update with sameSite attribute. I am using authentication by token which is passing through iFrame URL. I am able to open the page in fireFox browser. But it is loading login page while using Chrome. I tried to open visualforce page with an extension "sameSite=none" with no positive result. I can see below warning in the console log.

A cookie associated with a cross-site resource at was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure.

I tried disabling sameSite flag on chrome://flags/ and VF page with iFrame. When that flag is disabled I am able to open the page without any issues. There are no warnings in console panel and no authentication issue.
So do I need to update salesforce VFpage code or Apex or anything else from my end or Do I need to inform our application team to check with sameSite attribute from their end?? Please advice.

Best Answer

I let my application team know regarding this issue. I shared the console log error. They fixed it with adding cookies in the header in generic filter class that calls before to every request. That fixed for me. It goes like below. 

class SameSiteFilter extends GenericFilterBean {
@Override
public void doFilter (ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletResponse resp = (HttpServletResponse) response;
    String cookie = resp.getHeader("Set-Cookie");
    if (cookie != null) {
        resp.setHeader("Set-Cookie", cookie + "; HttpOnly;SameSite=none; Secure");
    }
    chain.doFilter(request, response);
}}

This was done from application side. I didn't do anything from SF side. All other functionalities working fine.

Related Topic