Marfeel HUD is loaded inside an iframe on top of the host page and shares the auth session with
hub.marfeel.com to securely interact with Marfeel APIs via 3rd party cookies.
In Safari, accessing 3rd party cookies inside an iframe requires an explicit request to the user. To make this request, the iframe needs the
allow-storage-access-by-user-activation sandbox flag.
For sites using an HTTP Content-Security-Policy (CSP) sandbox, the HTTP header takes precedence over any inline sandbox flag. For Marfeel HUD to work properly, the CSP header has to explicitly specify
Here’s an example of a valid header:
Content-Security-Policy: sandbox allow-storage-access-by-user-activation;
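
As an added example (not Marfeel's code), the following Node.js check parses a Content-Security-Policy header value and reports whether its sandbox directive keeps the allow-storage-access-by-user-activation flag. The function names and sample header values are assumptions constructed for illustration; it goes beyond the single header above by also handling several comma-separated policies, each of which must list the flag.

```javascript
// Added example: checks whether a Content-Security-Policy header value keeps
// the storage-access sandbox flag named on this page.
const REQUIRED = 'allow-storage-access-by-user-activation';

// Split a header value into policies (comma-separated), then into directives
// (semicolon-separated). Per CSP parsing, a repeated directive name is ignored.
function parsePolicies(headerValue) {
  return headerValue.split(',').map((policy) => {
    const directives = new Map();
    for (const raw of policy.split(';')) {
      const tokens = raw.trim().split(/\s+/).filter(Boolean);
      if (tokens.length === 0) continue;
      const name = tokens[0].toLowerCase();
      if (!directives.has(name)) directives.set(name, tokens.slice(1));
    }
    return directives;
  }).filter((d) => d.size > 0);
}

// Returns { sandboxed, allowed }:
//   sandboxed - at least one policy carries a sandbox directive
//   allowed   - every sandbox directive lists the required flag
//               (true when there is no CSP sandbox; inline flags then apply)
function checkStorageAccess(headerValue) {
  const sandboxes = parsePolicies(headerValue || '')
    .filter((d) => d.has('sandbox'))
    .map((d) => d.get('sandbox').map((t) => t.toLowerCase()));
  return {
    sandboxed: sandboxes.length > 0,
    allowed: sandboxes.every((flags) => flags.includes(REQUIRED)),
  };
}

// Constructed sample header values (not taken from any real site).
const samples = [
  'sandbox allow-storage-access-by-user-activation;',
  "default-src 'self'; sandbox allow-scripts allow-same-origin",
  "default-src 'self'",
  'sandbox allow-scripts allow-storage-access-by-user-activation, sandbox allow-scripts',
];
for (const s of samples) console.log(JSON.stringify(checkStorageAccess(s)), s);
```

A result of sandboxed: true with allowed: false identifies a header that removes the flag regardless of what the iframe's inline sandbox attribute says.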