Forums

flask sessions with iframes/ 3rd part cookies

Hi there I hope someone can help,

I have set up a simple login system with sessions on my flask app.

The point of this app is mainly serve video files:

There will be requests to the app like this-

'https://giffsmith1000.pythonanywhere.com/login?video_path=vids/van1/Cam1 12.03.41 07-06-2022.mp4'

The first request will require the username and password to be entered on the login page , but after that, each subsequent request is passed onto another route which serves the file.

This works fine in the browser, however if I put it in an iframe (which is how I intended to use it) the session cookie doesn't work and you have to enter the username and password every time.

Could someone possibly point me towards a solution (I've looked for several hours and I understand that it is the issue of 3rd party cookies).

Alternatively, is there a different form of authentication that I could use (other than basic http authentication, but possibly similar so that I can send it along with the request and do away with the login/sessions bit altogether.

Kindest regards

Paul

You need to send the appropriate headers so that the browser will allow the inclusion of your site in an iframe: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors