Premium videos in Embed Player issue

Hey,

After getting many reports of Premium videos not working on QLCrew.com I've investigated the topic and I've found the problem and a solution. I need your help to fix it, since it requires changing cookie attributes.

General info:

Playing premium videos in the embed player requires authentication. The user has to be a subscriber and be logged in to the site in the same browser to play them.

Test setup:

Latest Chrome, user is a subscriber and logged in on giantbomb.com.

Example that works, one free and one premium: https://www.giantbomb.com/api/video-embed-sample/

The same page, but on a different domain: https://qlcrew.com/video-embed-sample.html - here the second video should fail (black box).

Explanation:

What's the problem? It doesn't work in Chrome. (Firefox is fine)

SameSite Cookie policy that google introduced some time ago is messing it up. Because of it the cookie responsible for authenticating the user will not be transferred when the site is accessed form an iframe on a different domain.

Workaround:

If I modify attributes for the cookie patto Secure; SameSite=None; it works fine. Like this:

I hope that you can make some adjustments and the embeds will work again.

Thanks!

Thanks for the detailed error message! I'll file a bug for it but I'm not sure on an ETA for a fix.

@szlifier said:

Hey,

After getting many reports of Premium videos not working on QLCrew.com I've investigated the topic and I've found the problem and a solution. I need your help to fix it, since it requires changing cookie attributes.

General info:

Playing premium videos in the embed player requires authentication. The user has to be a subscriber and be logged in to the site in the same browser to play them.

Test setup:

Latest Chrome, user is a subscriber and logged in on giantbomb.com.

Example that works, one free and one premium: https://www.giantbomb.com/api/video-embed-sample/

The same page, but on a different domain: https://qlcrew.com/video-embed-sample.html - here the second video should fail (black box).

Explanation:

What's the problem? It doesn't work in Chrome. (Firefox is fine)

SameSite Cookie policy that google introduced some time ago is messing it up. Because of it the cookie responsible for authenticating the user will not be transferred when the site is accessed form an iframe on a different domain.

Workaround:

If I modify attributes for the cookie patto Secure; SameSite=None; it works fine. Like this:

I hope that you can make some adjustments and the embeds will work again.

Thanks!