iframe refused to connect while using XAMPP and Laravel

Question

I am developing a Laravel application and have added an iframe as follows:

The iframe does not connect and simply says www.google.com refused to connect. I have done some research and it appears this related to X-Frame-Options being set. Within the Chrome Browser Developer Tools, I see the following error message:

A cookie associated with a cross-site resource at https://www.google.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

My guess is this is a setting that needs to be changed at the XAMPP server level within Apache but I cannot figure out where. Any ideas?

Answer 1

If you are testing on localhost and you have no control of the response headers, you can disable it with a chrome flag.

open this URL :

chrome://flags/#same-site-by-default-cookies

and disable SameSite by default cookies

SameSite prevents the browser from sending the cookie along with cross-site requests.

if you don't want to disable SameSite by default cookies you can add response header before sending back response to resolve this:

return response($content)
              ->header("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");