Setting the SameSite attribute on cookies

Configure the Configuration.cookieSameSite cookie attribute to prevent cross-domain errors in your Cognos environment.

To prevent cross-site request forgery (CSRF) attacks, some browsers may return error messages if HTML files containing iFrames are hosted in a different domain than the report server. To avoid these errors, you can configure the Configuration.cookieSameSite advanced setting.

Before you begin

The following configuration must be in place:

SSL is enabled
XSRF protection must be enabled. For more information, see XSRF (Cross-Site Request Forgery).

Procedure

Click Manage > Configuration > System, and select Advanced Settings.
In the Key field, type the following:
```
Configuration.cookieSameSite
```
Type None in the Value field.
Click Apply.
Refresh your browser window.

Results

Applications in your Cognos environment with a different domain no longer produce error messages.