This is a follow-up question on static files.
I have now deployed the little LiveView (on Fly: Typeset · Phoenix Framework) and on its own it’s all dandy. The plan was to make this into an iFrame embed in Wordpress, so this follows the recipe How to: Embed a LiveView via iframe and goes through its own pipeline.
I mapped this to a custom domain: Typeset · Phoenix Framework and the same app falls apart with this error:
Cookie “__phoenix_reload_status__” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
__phoenix_reload_status__ is part of Phoenix.LiveView.Static, but I don’t understand why this is causing an issue only when it’s visited on the custom domain. There is a separate socket with its own @session_options
@embed_session_options [
store: :cookie,
key: "_typeset_key",
signing_salt: "xxxxxxx",
same_site: "None; Secure"
]
and this should be very permissive?
EDIT: this is about check_origin, related to: Phoenix LiveView constantly refreshes with custom domain - Phoenix - Fly.io
