Third-party cookies blocked in Safari 13.1
If you work with Pega web mashup in a third-party domain in Safari 13.1 and later versions, you might experience problems with displaying your mashups on an external web page. The issue results from Safari blocking third-party cookies.
Condition
When you try to display a mashup in a web page that uses Safari 13.1, you see the following error message:
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://********/prweb/DGUM90lACED74DAWt5QdLQ%5B%5B*/!STANDARD?pyactivitypzZZZ=cf4bf40cc749310addc30ad4a5d8a8da8f527e446e4c7aed0d9ddacebc22fc865032be060df4542d53cc37376de8e4b46b3831dec248c3606364118229dc8a9df1271e976a2d6094f7d227f2025f4ff5aebd1374ba29b875bfeddf86e4ba0b3d3da2d045be018a9499549d3dc91494b27f576e4ecdf76e2b5c6f66ea5c20ea20c018c629bf31fe0bf97655abe161018af7c308b50cf948fdc10e597dc5da47e0ff28e2bd87514c41bffdbf70f2968ebb1c97b6997e1a2e7268aa63ccea0a8127*'' class='content-item content-field item-5 ' STRING_TYPE='field' RESERVE_SPACE='false'>
The issue occurs in Pega Platform versions 7.2 to 8.7.
The issue occurs only if the Pega web mashup domain is a third-party domain.
Cause
In April 2020, Apple released Safari 13.1, with a security feature that blocks third-party cookies by default. The default setting is Prevent cross site tracking. This setting prevents the embedding of any cross-domain content into the main web page.
If the top-level application domain is different from the Pega domain, Safari 13.1 considers Pega Platform cookies to be third-party.
This change negatively affects all deployments using Pega web mashups running on Pega Platform 7.2 to 8.7, which require the prescribed solution. For security reasons, application users are not recommended to disable the default security setting to use Pega web mashup.
Solution
To resolve this issue without dynamic system settings and Pega Platform patch release upgrades, request a Pega Cloud custom domain name. For more information, see
Use a proxy configuration in which the web server that hosts the top-level application sends proxy requests to the Pega Cloud servers.
Select how you want to resolve the issue:
Previous topic Chrome CORB issue Next topic Safari cookies consent issue in versions below 13.1