Question
Estes Forwarding Worldwide
US
Last activity: 15 Dec 2022 12:59 EST
Mashup Not Working
Why is my mashup not working? I'm receiving the following error:
The web page is deployed on a local tomcat server. It doesn't work on any browser.
I have also enabled samesite cookie attribute option and selected "None" from the Samesite options list.
More error information:
Pegasystems Inc.
IN
@DevinD16607791 Hi, Can you please check the certificates. Also please check the below link :
https://support.pega.com/question/pega-web-mashup-doesnt-work-chrome-and-ie
Estes Forwarding Worldwide
US
@SrinidhiM Hi, thank you for your response!
What certificate? The tomcat instance I'm using to host doesn't currently use SSL. And I'm assuming the certificate for the Pega instance is correct. I'm not getting any errors or warnings.
Estes Forwarding Worldwide
US
@SrinidhiMJust discovered the mashup is working in IE, but not Chrome and Edge:
I'm guessing this is an issue with browsers recent move away from 3rd party cookies, mentioned in these articles:
https://docs-previous.pega.com/user-experience/85/troubleshooting-browser-specific-issues-mashups
I'm wondering if this is something that would require a hotfix or upgrade?
Pegasystems Inc.
GB
You are already running on 8.4.3 which has the fix built in. You need to include the documented steps which include
- Create a dynamic system setting with the following properties:
- Owning Ruleset: Pega-Engine
- Setting Purpose: security/csrf/samesitecookieattributevalue
- Value: none
For Pega Platform 8.3 and later releases, when you add or update the security/csrf/samesitecookieattributevalue dynamic system setting, you do not need to restart the server or clustered servers.
Note: After setting the security/csrf/samesitecookieattributevalue dynamic system setting to none, use Pega web mashups only on secure (HTTPS) connections.
You are already running on 8.4.3 which has the fix built in. You need to include the documented steps which include
- Create a dynamic system setting with the following properties:
- Owning Ruleset: Pega-Engine
- Setting Purpose: security/csrf/samesitecookieattributevalue
- Value: none
For Pega Platform 8.3 and later releases, when you add or update the security/csrf/samesitecookieattributevalue dynamic system setting, you do not need to restart the server or clustered servers.
Note: After setting the security/csrf/samesitecookieattributevalue dynamic system setting to none, use Pega web mashups only on secure (HTTPS) connections.
Our Pega 8.8 documentation Cookie usage in Pega software, Troubleshooting mashup issues and Troubleshooting browser-specific issues with mashups shows that steps still need to be taken manually.
Updated: 14 Dec 2022 16:12 EST
Estes Forwarding Worldwide
US
@MarijeSchillern I've created a dynamic system setting, but it didn't work:
I noticed that you can update this setting in Configure > System > Settings > Cross-Site Request Forgery:
This page sets the Dynamic System Settings to "None" rather than "none" which I believe is correct:
Neither "None" or "none" fix the issue. They actually introduce unwanted side effects, like the login screen not rendering correctly:
Pegasystems Inc.
IN
@DevinD16607791 security/csrf/samesitecookieattributevalue” - "None" DSS fixed the issue for me.
Also, looks like you are authorizing with basic authentication. I hope you have configured Anonymous Authentication that helps.
Estes Forwarding Worldwide
US
@AneeshaGThank you! I got the Mashup to work following your guidance. It seems like the issue was with the login. Either using a mashup configuration that doesn't require logging in, or configuring Anonymous Authentication seems to fix the issue.
You can also login to the Pega instance, then test the mashup.
Oddly, setting security/csrf/samesitecookieattributevalue to "None" was not required. It actually caused the login page to break. Disabling the samesite cookie, as suggested in the mashup configs, I was able to successfully embed the mashup.
