Setting the cookieSameSite attribute

Configure the Configuration.cookieSameSite attribute to prevent cross-domain errors in your Cognos environment.

To prevent cross-site request forgery (CSRF) attacks, some browsers may return error messages if HTML files containing iFrames are hosted in a different domain than the report server. To avoid these errors, you can configure the Configuration.cookieSameSite advanced setting.

If you are embedding a Cognos Analytics dashboard in a Microsoft Teams environment, you must set this attribute. For more information, see Embedding a dashboard in Microsoft Teams.

Before you begin

The following configuration must be in place:

SSL is enabled
XSRF protection must be enabled. For more information, see XSRF (Cross-Site Request Forgery).

Important: You must enable SSL access before you set Configuration.cookieSameSite=None. Otherwise all users, including administrators, will be locked out of Cognos Analytics.

Procedure

Click Manage > Configuration > System, and select Advanced Settings.
In the Key field, type the following:
```
Configuration.cookieSameSite
```
Type None in the Value field.
Click Apply.
Refresh your browser window.

Results

Applications in your Cognos environment with a different domain no longer produce error messages.