Chrome blocking 3rd Party Cookies when Embedding


We have embedded Grafana into our application, and use Okta Authentication to have a seamless experience.

Chrome browser is showing warnings that it will block 3rd party cookies:

Cookies with the SameSite=None; Secure and not Partitioned attributes that operate in cross-site contexts are third-party cookies. In future Chrome versions, reading third-party cookies will be blocked. This behaviour protects user data from cross-site tracking.

This is impacting the following cookies:

  • grafana_session
  • grafana_session_expiry

If I enable the full blocking in chrome to test, the embedded site is completely broken.

Is there any specific way of resolving this, e.g. cookieless or any other advise?

Currently this will make embedding Grafana impossible for me.

I am running Grafana 10.1.5 on Windows.

Thank you

Blocking of third party cookies was already implemented in other browsers - Chrome is last one.

You may check what Chrome recommends. Safari’s recommendation: Full Third-Party Cookie Blocking and More | WebKit

Option 1: OAuth 2.0 Authorization with which the authenticating domain (in your case, the third-party that expects cookies) forwards an authorization token to your website which you consume and use to establish a first-party login session with a server-set Secure and HttpOnly cookie.

That may be a your solution.

Thank you for your quick response. I will have a read through and try to work a solution.