Update cookie settings for iframe previews

Allow cookies to function when using the visual editor iframe.

When you load a webpage in the visual editor, it's displayed in an iframe — so you can preview your site and build variations directly on the page. But when browsers load a page in an iframe, cookies are treated as being used in a third-party context. If your cookies are not explicitly set to allow third-party context usage, those cookies will be blocked in the visual editor.

If your site relies on cookies to display or function correctly, blocked third-party cookies may cause page loading issues.

Understand SameSite cookie defaults

Cookies include a SameSite attribute that controls whether they’re allowed in first-party or third-party contexts. If this attribute isn’t set, most modern browsers assume a default of SameSite=Lax, which blocks the cookie when your site is loaded in an iframe on another site, such as the visual editor. Chrome started enforcing this with version 80.

Allow cookies in third-party context

To ensure cookies work in the visual editor’s iframe, your devs can set the SameSite attribute to None and include the Secure attribute. Learn more about SameSite and Secure.

SameSite=None; Secure

Example:

document.cookie = "username=John Doe; expires=Tue, 9 Mar 2032 12:00:00 UTC; SameSite=None; Secure";

Which cookies should I update?

  • JavaScript-set cookies — cookies set via JavaScript that are required for content or functionality to work in the iframe
  • Security considerations — adding SameSite=None can expose cookies to additional contexts, so review your implementation carefully
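
The following added example (not part of the original page or of any Webflow code) audits cookie strings to show which ones need SameSite=None; Secure for the iframe and which already carry it without being needed. The sample cookies and the allow-list of needed names are constructed assumptions, and the check models only the SameSite and Secure rules described here, not browser settings that block third-party cookies outright.

```javascript
// Constructed sample cookie strings, in the format used by document.cookie and Set-Cookie.
const SAMPLE_COOKIE_STRINGS = [
  "theme=dark; Path=/",                            // no SameSite: treated as Lax
  "cart=abc123; Path=/; SameSite=None",            // None without Secure: rejected
  "variant=b; Path=/; SameSite=None; Secure",      // usable in the iframe
  "session=xyz; Path=/; Secure; SameSite=Strict",  // first-party only
  "promo=1; Path=/; Secure; SameSite=None",        // relaxed, but is it needed?
];

// Parse one cookie string into { name, sameSite, secure }.
function parseCookieString(line) {
  const [pair, ...attrs] = line.split(";").map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf("="));
  let sameSite = null, secure = false;
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    const k = key.trim().toLowerCase();
    if (k === "samesite") sameSite = value.trim().toLowerCase();
    if (k === "secure") secure = true;
  }
  return { name, sameSite, secure };
}

// How the cookie is treated when the page is framed by another site.
function iframeStatus({ sameSite, secure }) {
  if (sameSite === "none") return secure ? "sent" : "rejected: SameSite=None requires Secure";
  if (sameSite === "strict") return "blocked: SameSite=Strict";
  return "blocked: SameSite=Lax (explicit or browser default)";
}

// neededInIframe is a hypothetical allow-list of cookie names the page needs in the editor.
function auditCookies(lines, neededInIframe) {
  const report = { update: [], ok: [], reviewExposure: [] };
  for (const cookie of lines.map(parseCookieString)) {
    const status = iframeStatus(cookie);
    const needed = neededInIframe.includes(cookie.name);
    if (needed && status !== "sent") report.update.push(`${cookie.name} (${status})`);
    else if (needed) report.ok.push(cookie.name);
    else if (cookie.sameSite === "none") report.reviewExposure.push(cookie.name);
  }
  return report;
}

console.log(auditCookies(SAMPLE_COOKIE_STRINGS, ["theme", "cart", "variant"]));
```

Cookies listed under reviewExposure are already sent in third-party contexts without being on the allow-list, so they are the ones to check against the security consideration above.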