Skip to main content
LinkedIn
Copied!

Troubleshooting Pega mashup issues caused by browsers blocking third-party cookies

Learn how to troubleshoot issues with Pega mashup when third-party cookies are blocked by browsers.

Browser compatibility with third-party cookies

Why do browsers block third-party cookies?

Impact on Pega web mashup

Solution

 

Browser compatibility with third-party cookies

Browsers are phasing out support for third-party cookies to offer enhanced privacy of web browsing, greater transparency and choice and control over user’s data usage. This affects Pega web mashup as the mashup does not work if the third-party cookies are blocked when the mashup is hosted in a third-party domain (domain other than the host domain).

Why do browsers block third-party cookies?

Cookies help applications to authenticate web requests. An application includes a Set-Cookie header on the response and a user’s session cookie for every subsequent request the application receives. However, cookies can also be used as a tool by advertisers to spy on users’ every move across the web. Hence, new policies are being adopted by the browsers to restrict the usage of cookies hosted in third-party domains.

The following table represents the behavior of some of the browsers in presence of third-party cookies:

Browser

Behavior

Reference

Safari

Blocks third-party cookies by default in normal browsing mode

For more information, visit the WebKit Support page

Mozilla Firefox

Blocks third-party cookies by default in normal browsing mode

For more information, visit the Mozilla Support page

Google Chrome

  • Makes blocking optional in normal browsing mode
  • Blocks third-party cookies by default in the Incognito mode
  • Plans to phase out support for third-party cookies (by default) in normal browsing mode by mid-2023.

For more details, visit Chromium Blog and Google Keyword webpage

Microsoft Edge

Offers three levels of tracking prevention:

  • Basic
  • Balanced
  • Strict

To know more about Tracking Prevention in Microsoft Edge, visit the Documentation tab on the Microsoft Docs website

Impact on Pega web mashup

When the top-level application domain is different from the Pega domain, browsers consider Pega platform cookies as the third-party cookies. Pega web mashups that are hosted in domains other than the domain that is being visited are treated as third-party domain cookies and are blocked by default on all major browsers (except the Google Chrome browser).  

This prevents the embedding of any cross-domain content into the main web page. This is an industry-wide issue and it impacts any organization that provides plug-in or mashup capability including the other vendors. Blocking the third-party cookies policy negatively affects all the deployments that use Pega web mashups. Google Chrome has partially blocked the usage of third-party built-in alert boxes and plans to phase out support for third-party cookies by mid-2023.

Solution

Follow any of the approaches to troubleshoot Pega mashup issues that occur when the third-party cookies are blocked by browsers:

  • Use a proxy configuration in which the web server that hosts the top-level application sends proxy requests to the Pega servers
    For example, the https://clientsite.com/ top-level application embeds the Pega web mashup https://clientsite.com/prweb/ client web server proxy in https://<client_env>-.pegacloud.net.
  • Use custom domain such that both applications use the same domain but different subdomains. This results in the system considering cookies to be the first-party cookies
    For example, the https://clientsite.com/ top-level application embeds the Pega web mashup https://pega.clientsite.com/prweb/ custom domain in https://<client_env>-.pegacloud.net.

     

Configuring Pega web mashup with custom domain

Following are the steps involved in configuring Pega web mashup with custom domain for the applications hosted in Pega Cloud services:

  1. Client gathers information about the exact custom domain (For example, pega.clientsite.com) to be used from the user.
  2. Client requests a custom domain as per the process included in Requesting a custom domain name for applications hosted in Pega Cloud.
  3. Developer replaces the existing URL with the new URL (For example, pega.abc.com) provided, in the Pega web mashup.

For more information on how to troubleshoot various browser-specific issues with mashup, read  
Troubleshooting browser-specific issues with mashups

 

Did you find this content helpful?

Related Content

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us