Anonymous Authentication not Working on Chrome

Junicavi · March 8, 2024, 7:58pm

Hi

We have a mashup that displays a simple section with the count of cases a user has.

We want this to be accessed by anyone, so there’s an Anonymous authentication service and a model user with no Portal configured, when I run the Mashup code on Firefox, it works fine, but when I run it on Chrome, instead of showing the Mashup section it shows the PEGA login screen.

How it should work (Firefox)

How it looks on Chrome:

Is there something we need to change in Chrome?

SWATHI_SRINIVAS · March 8, 2024, 10:39pm

Hi @Junicavi

In Pega web mashup, optimize incorporate mashup content into website it is adhere to pega’s best practises:
Ensure that your mashup displays as intended by not using the nosniff setting.

The nosniff response header prevents Google Chrome and Internet Explorer from trying to mime-sniff the content-type of a response away from the content-type that the server declares.

So, in order to troubleshoot the issue ;

nosniff parameter in the following sample code breaks the mashup functionality:

{“X-Content-Type-Options”:“nosniff”,“X-XSS-Protection”:“1; mode=block”,“Strict-Transport-Security”:“max-age=31536000; includeSubDomains”}

Please go through the Reference links

Best practices for using mashups

Pega WebMashup

I Hope you find this helpful

Thanks

Swathi

Junicavi · March 11, 2024, 5:03pm

@SWATHI SRINIVAS Where should I add this code? I’m using the Iframe version of the mashup

Manojkumar_J · March 13, 2024, 1:26pm

@Junicavi
please note if your application is built on Constellation UI then anonymous authentication is not supported
And since you said this works fine in browser like fire fox and not is chrome This might be because of the content type option of those browser.
please refer the below document that states the best practice for using web mashup
Best practices for using mashups | Pega
and as per point number “8” browser like chrome and EE will not support content type of nosniff
To change this please check the HTTP response DSS value Creating a custom HTTP response header | Pega in your system
Thank you !

Junicavi · March 14, 2024, 9:25pm

@Manojkumar_ J I’ve set the DSS with the provided code, but still getting the login screen when I run the mashup on Chrome and Edge, only Firefox works.

Any suggestions, please?

Manojkumar_J · March 15, 2024, 7:29am

@Junicavi This is the issue with the same site cookie attribute probably
please check the CSRF same site cookie configuration and try setting the attribute value to “None”
Thank you !

Junicavi · March 15, 2024, 7:54pm

@Manojkumar_ J THAT WAS IT! Thanks a lot

Conversation		Replies	Views
How to implement Anonymous Authentication in PEGA Mashup? User Experience user-experience , senior-system-architect , security , 8-7-3	6	827	November 11, 2022
How to create a case through Mashup without authentication General pega-platform , system-architect , security , 24-2	3	156	November 25, 2024
Third party cookies must be enabled for mashup to function User Experience user-experience , senior-system-architect , security , case-management , communications-and-media , 8-5	13	4084	March 29, 2024
How to use Custom Authentication Service in Web Mashup General pega-platform , security , system-administration , pega-web-mashup , 8-7-1 , 8-7-3	1	208	November 22, 2023
Troubleshooting Pega mashup issues caused by browsers blocking third-party cookies General pega-platform , senior-system-architect , 8-8-3	2	28	December 4, 2025

Anonymous Authentication not Working on Chrome

Related topics