Applies to Pega Platform™ versions 7.4 -- 8.6

Learn how to troubleshoot issues with Pega mashup when third-party cookies are blocked by browsers.

Browser compatibility with third-party cookies

Why do browsers block third-party cookies?

Impact on Pega web mashup

Solution

Browser compatibility with third-party cookies

Browsers are phasing out support for third-party cookies to offer enhanced privacy of web browsing, greater transparency and choice and control over user’s data usage. This affects Pega web mashup as the mashup does not work if the third-party cookies are blocked when the mashup is hosted in a third-party domain (domain other than the host domain).

Why do browsers block third-party cookies?

Cookies help applications to authenticate web requests. An application includes a Set-Cookie header on the response and a user’s session cookie for every subsequent request the application receives. However, cookies can also be used as a tool by advertisers to spy on users’ every move across the web. Hence, new policies are being adopted by the browsers to restrict the usage of cookies hosted in third-party domains.

The following table represents the behavior of some of the browsers in presence of third-party cookies:

Impact on Pega Web Mashup

When the top-level application domain is different from the Pega domain, browsers consider Pega platform cookies as the third-party cookies. Pega web mashups that are hosted in domains other than the domain that is being visited are treated as third-party domain cookies and are blocked by default on all major browsers (except the Google Chrome browser).  

This prevents the embedding of any cross-domain content into the main web page. This is an industry-wide issue and it impacts any organization that provides plug-in or mashup capability including the other vendors. Blocking the third-party cookies policy negatively affects all the deployments that use Pega web mashups. Google Chrome has partially blocked the usage of third-party built-in alert boxes and plans to phase out support for third-party cookies by mid-2023.

Solution

Follow any of the approaches to troubleshoot Pega mashup issues that occur when the third-party cookies are blocked by browsers:

• Use a proxy configuration in which the web server that hosts the top-level application sends proxy requests to the Pega servers.
  For example, the https://clientsite.com/ top-level application embeds the Pega web mashup https://clientsite.com/prweb/ client web server proxy in https://<client_env>-.pegacloud.net.
• Use custom domain such that both applications use the same domain but different subdomains. This results in the system considering cookies to be the first-party cookies.
  For example, the https://clientsite.com/ top-level application embeds the Pega web mashup https://pega.clientsite.com/prweb/ custom domain in https://<client_env>-.pegacloud.net.
   

Configuring Pega Web Mashup with custom domain

Following are the steps involved in configuring Pega web mashup with custom domain for the applications hosted in Pega Cloud services:

1. Client gathers information about the exact custom domain (For example, pega.clientsite.com) to be used from the user.
2. Client requests a custom domain as per the process included in Requesting a custom domain name for applications hosted in Pega Cloud.
3. Developer replaces the existing URL with the new URL (For example, pega.abc.com) provided, in the Pega web mashup.
4. Be sure to read CORB error with Chrome 80 SameSite cookies and follow the Solution procedure.

For more information on how to troubleshoot various browser-specific issues with mashup, read  
Troubleshooting browser-specific issues with mashups

Related content

For future needs when updating to Pega Platform version 8.8.x, see the following Pega Documentation articles:

Cookie usage in Pega software

Troubleshooting mashup issues

Troubleshooting browser-specific issues with mashups