SASĀ® Visual Analytics reports that are embedded using the SDK or iframes might stop working if the browser is configured to block third-party cookies


SAS Visual Analytics reports that are embedded on a website using the SDK or an iframe might stop working if your browser blocks third-party cookies. If the web page that is embedding the SAS Visual Analytics report is hosted on a different domain from the actual SAS Visual Analytics server, the browser considers the cookies that are used by SAS Visual Analytics to be third-party cookies (also referred to as tracking cookies). If the embedding page is on the same domain as the SAS Visual Analytics server, then the cookies are considered first-party cookies and this problem does not occur.

You can determine the domain of a website from the URL. A URL has several parts, and the last two parts of the base URL form the domain. For example, the domain of https://support.sas.com is sas.com. If the embedding website is hosted on https://www.sas.com, and the SAS Visual Analytics server has a URL of https://viya.sas.com/SASVisualAnalytics, both of the URLs would be in the domain of sas.com. In this case, the cookies would be considered first-party, and the embedded report would work fine even if third-party cookies were blocked. However, if the embedding web page is located on https://www.google.com, then the domain of the embedding page would be google.com. In this case, the domains would be different, and the cookies would be third-party. If the browser was set to block third-party cookies, the embedded report would fail.

If you are in a situation where the cookies are considered third-party, you might encounter various failures. Unfortunately, these failures can share symptoms with other basic configuration issues that could also cause similar errors, such as CORS configuration or SameSite cookies. The browsers all indicate in different ways that a third-party cookie was blocked if you are in this situation. The major browsers all show third-party cookies being blocked on the URL bar, as highlighted below. Note, the browsers could change how this information is displayed in future versions.

Google Chrome:

google chrome cookies test

Mozilla Firefox:

mozilla firefox cookie test


Microsoft Edge:

microsoft edge cookies test

If you encounter this situation, the most straightforward solution is to host the embedding web page in the same domain as the SAS Visual Analytics server. In the past, all browsers have allowed third-party cookies, but all browsers do plan to eventually block these fully with Google. Some browsers, Firefox and Safari, have already changed the default settings to disable third-party cookies, but still allow end users to enable them if they modify the settings. Chrome has plans to fully phase out third-party cookies toward the end of 2023.