Using the documentation here: https://developer.box.com/reference#get-embed-link, I am obtaining the embed URL, and supplying it as the src for an iframe on a page generated by my server-side code. This works splendidly, except in Google Chrome when "Block third-party cookies" is turned on. It appears that the first request for the embed URL returns a reply with status code 302, a Location header that is the same URL as the one requested, and a number of cookies to be set. The subsequent request for the page is sent with the cookies, except in Chrome with "Block third-party cookies" turned on. In Chrome the cookies are not sent (iframe source's host is not the same as the parent document's host), and as a result the Box server sends back the same 302 reply, and the cycle repeats. Eventually Chrome gives up, reporting "xyz.app.box.com redirected you too many times.".
Am I missing a step? Have others experienced the same and found a work-around?
Please sign in to leave a comment.