Can file preview (iframe method) work in Chrome with "Block third-party cookies" on?
Using the documentation here: https://developer.box.com/reference#get-embed-link, I am obtaining the embed URL, and supplying it as the src for an iframe on a page generated by my server-side code. This works splendidly, except in Google Chrome when "Block third-party cookies" is turned on. It appears that the first request for the embed URL returns a reply with status code 302, a Location header that is the same URL as the one requested, and a number of cookies to be set. The subsequent request for the page is sent with the cookies, except in Chrome with "Block third-party cookies" turned on. In Chrome the cookies are not sent (iframe source's host is not the same as the parent document's host), and as a result the Box server sends back the same 302 reply, and the cycle repeats. Eventually Chrome gives up, reporting "xyz.app.box.com redirected you too many times.".
Am I missing a step? Have others experienced the same and found a work-around?
-
Hi and ,
Thanks for posting to our forums! Love to see developers interact on here.
On a sadder note, the cookie dependency is unfortunately expected behavior for now. We've updated our documentation to reflect that:
https://developer.box.com/reference#get-embed-link
Taking advantage of the Content Preview UI Element has been a good workaround for most people, since it does not rely on iFrames:
https://developer.box.com/v2.0/docs/box-content-preview
We're working on a more expansive side-by-side comparison of Embed Links and the UI Elements to help developers 1) be aware that the elements exist but also 2) when to use one over the other. Embed links are easier, but have fewer features/customizations available, while the UI Elements take slightly more work to set up but have more options available.
You can see many examples here:
https://codepen.io/box-platform/pens/public/?grid_type=list
Take a look and hopefully you'll see something in there that works for you.
-
The one problem here is that when using this with the new API for viewing files, this will expose our access token in both the file source and the network request. Is there a way to instead, create a secure/signed URL via the Box API and pass this to the Content Preview UI show() method?
-
We made a recent change and you should no longer need to disable third party cookies for expiring embed to function. Can you please see if things work for you now ?
Also, here's a guide for the different ways you can embed Preview onto your site: https://developer.box.com/docs/using-box-preview-in-your-application
サインインしてコメントを残してください。
コメント
6件のコメント