Cookies in embed
View options
- Truncate descriptions
Right now cookies (and therefore authentication) do not work in embeds. This is because the cookies have samesite=strict
. Do we want to allow cookies for all sites? (samesite=none).
Note that on the old website, embeds do not work with authentication either.
If so, the frontend should also detect if third-party cookies are disabled and show a message (possibly with link to non-embed). Detection can be done by checking /authentication/status after successful password login or OAuth start.