Hey folks, I’ve enabled site-wide password protection on a site (we’re on the Pro plan).
Everything works as expected until I embed the site within an iframe in our CMS (Sanity) for live preview.
After entering the password (which I’ve made sure is the correct one), the iframe just resets itself. In the console log, we get a 401 error message for the iframe src.
If I access the site directly, no issues.
I figured it could have been a CSP issue, so I added the following headers to the Netlify site, and confirmed that it worked in the Network tab:
content-security-policy: frame-ancestors 'self' https://[project name].sanity.studio;
But still no dice. Here’s my request id:
Any help is much appreciated. Thank you in advance!
Edit: Some more clues:
It turned out the error is caused not by embedding iframe, but because the cookie was never set:
x-nf-request-id: 01FHDMT4KYCQPBN1FN170K2HKW
set-cookie: [...]
This Set-Cookie have to have been set with "SameSite=None" to enable cross-site usage.
Is there a way for me to manually set SameSite=None when using this feature? Any help is much appreciated!
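
The browser rule behind the warning quoted above, as an added example that is not part of the original post and not Netlify's code: it parses a `Set-Cookie` value and reports whether a browser would keep the cookie when the response arrives inside a cross-site iframe. The cookie name `site_pw` and the sample header values are constructed for illustration.

```javascript
// Added example: decide whether a Set-Cookie from a cross-site iframe response is kept.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attrs,
  };
}

function crossSiteFrameVerdict(header) {
  const { attrs } = parseSetCookie(header);
  const raw = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "";
  // A missing or unrecognised SameSite value is treated as Lax by current browsers.
  const sameSite = ["strict", "lax", "none"].includes(raw) ? raw : "lax";
  const secure = attrs.secure === true;
  if (sameSite !== "none") {
    return { kept: false, sameSite, reason: "SameSite=" + sameSite + " is blocked in a cross-site frame" };
  }
  if (!secure) {
    return { kept: false, sameSite, reason: "SameSite=None is rejected without Secure" };
  }
  return { kept: true, sameSite, reason: "SameSite=None; Secure is allowed cross-site" };
}

// Constructed sample headers (hypothetical cookie name and values).
const samples = [
  "site_pw=abc123; Path=/; HttpOnly",
  "site_pw=abc123; Path=/; HttpOnly; SameSite=None",
  "site_pw=abc123; Path=/; HttpOnly; Secure; SameSite=None",
];
for (const s of samples) {
  const v = crossSiteFrameVerdict(s);
  console.log((v.kept ? "kept   " : "dropped") + "  " + s + "  ->  " + v.reason);
}
```

The `frame-ancestors` CSP header only controls whether the page may be framed; it has no effect on this cookie decision. A browser configured to block all third-party cookies drops the cookie even with `SameSite=None; Secure`.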