Article - CS318637
Update and Configure Apache Tomcat to allow ThingWorx to operate in cross-domain environments
Modified: 04-May-2022
Applies To
- ThingWorx Platform 8.3 to 9.3
- Google Chrome
- Apache Tomcat
Description
- Google is changing the way in which Chrome version 80 (target release date of February 4, 2020) and later will handle cookies that do not specify a SameSite attribute by default
- PTC is taking steps to ensure that ThingWorx implementations are not impacted
- If operating with certain deployment architectures, may need to take additional steps to ensure there is no break in functionality
- Instances of ThingWorx, PingFederate, and/or Identity Provider residing in different domains will require these additional steps, which include updating and slightly modifying Apache Tomcat
- Embedded components of ThingWorx in another web application residing in a separate domain (from ThingWorx) will also have to take these additional steps
- ThingWorx 8.5.3 and later, ThingWorx 8.4.7 and later, ThingWorx 8.3.11 and later are certified against Apache Tomcat 8.5.49 and 9.0.29
- These versions of Apache Tomcat are also packaged with the ThingWorx installer
- It is not possible to deploy docker containers for earlier versions of ThingWorx when using Apache Tomcat 8.5.49 or 9.0.29 or later
- Additionally, certain older web browsers will mishandle or reject cookies specifying a "SameSite=none" attribute. It is highly recommended to update to the latest browser release
- Please see details below in the “Notes” column and take appropriate action to ensure proper handling of cookies specifying this attribute
This is a PDF version of Article CS318637 and may be out of date. For the latest version click https://www.ptc.com/en/support/article/CS318637