[Scripting] "Cookies disabled" with Extension and InDesign CC 2021 (16.4)

Report · Sep 06, 2021

Hi,

We're extension developers and our extension is running on older InDesign versions without problems. The panel opens an website from an server, the site is made with Vaadin - and with CC 2021 I get an "Cookies disabled" message from our site.

My CEFCommandLine is:

					<CEFCommandLine>
						<Parameter>--disable-features=SameSiteByDefaultCookies,CookiesWithoutSameSiteMustBeSecure,NetworkService</Parameter>
						<Parameter>--disable-site-isolation-trials</Parameter>
						<Parameter>--allow-file-access</Parameter>
						<Parameter>--allow-file-access-from-files</Parameter>
						<Parameter>--enable-nodejs</Parameter>
						<Parameter>--mixed-context</Parameter>
					</CEFCommandLine>

Anybody here with a similar problem? Is there a way to access the settings in the Chromium engine?

Thanks
Klaus

Report · Jun 23, 2025

I also facing same issue after updating InDesign to version 20.4 in my workflow we are using a http cookie namely JSESSIONID for authentication in previous version it works ok but in 20.4 version it seems browser blocked this cookie and hence authentication gets failed.

Report · Jun 23, 2025

Hello,

You're encountering the "Cookies disabled" issue in Adobe InDesign CC 2021, specifically when embedding a Vaadin-based site into your CEP (Common Extensibility Platform) extension panel, which uses CEF (Chromium Embedded Framework).

This issue is related to CEF updates and stricter cookie handling policies in newer Chromium versions, which were introduced around Chromium 80. Here's what's going on and some possible solutions.

1.Secure Cookie Attributes
If possible, change the server-side code to set cookies like this:

Set-Cookie: my_cookie=value; SameSite=None; Secure
This will ensure compatibility with Chromium 80+ and CC 2021+. This is the most reliable long-term solution.

2. Use HTTPS for Your Vaadin Site
Modern Chromium blocks third-party cookies without Secure attribute only on HTTP. If you're serving your content over http://, it exacerbates the problem. Use HTTPS + proper SameSite attributes.

3. Try Alternate Chromium Flags
Some users report success with additional flags:

<Parameter>--disable-blink-features=AutomationControlled</Parameter>
<Parameter>--disable-features=SameSiteByDefaultCookies,CookiesWithoutSameSiteMustBeSecure</Parameter>
<Parameter>--enable-features=LegacySameSiteCookieBehavior</Parameter>
Try combining with:

<Parameter>--no-sandbox</Parameter>
Still, your mileage may vary depending on exact InDesign build and CEF version.

4. Use a CORS + Cookie Proxy
If Vaadin can’t be modified directly, consider proxying the requests from your panel to the server and injecting the required cookie headers manually — this can be tricky but works in limited cases.

Debug Tip
To inspect the Chromium engine used by InDesign CEP panel:

Launch InDesign.

Open the CEP panel.

Use Chrome DevTools:

Place a debugger; in your JS.

Attach DevTools via chrome://inspect/#devices in your standalone Chrome browser.

Inspect cookies, storage, console errors.

Best Regard,

Theresa

Report · Jun 23, 2025

issue only gets solved when BE app has set cookie as Set-Cookie: my_cookie=value; SameSite=None; Secure and we use https while making a request to server.

CEF flags does not works.