Summary

If you are using Chrome Update 80 or later or Microsoft Edge 80.0.361.48 or later and you navigate using HTTP and not HTTPS, you may experience an issue where Bizagi's Work Portal displays an error when trying to work on a case.

Applies to

All versions in Development and Test environments when running on Google Chrome or Microsoft Edge.

Symptoms

When opening the Bizagi Work Portal using Google Chrome or Microsoft Edge, the following error message appears:

Cause

The mentioned browsers pushed a change that creates a conflict with Bizagi Work Portal when it is not configured to use HTTPS.
Specifically, there is a behavioral change in Chrome and Edge for handling cookies that do not explicitly set the SameSite cookie attribute to None.

Solution

1. Our preferred option is to enable HTTPS in all environments (dev, test, prod) with a valid certificate.
You can follow the procedure to set the Work Portal to Work with HTTPS

2. Change the default behavior on Chrome and Edge browsers with the appropriate flags. Keep in mind that this affects all sites browsed, not just Bizagi. This can be done exclusively for Development and Testing environments, for Chrome up to version 91.

For Chrome type in the address bar:
chrome://flags/#same-site-by-default-cookies
chrome://flags/#cookies-without-same-site-must-be-secure
Change the value for both flags to DISABLE. For more information see https://support.google.com/chrome/thread/26291731?hl=en

For Edge
edge://flags/#same-site-by-default-cookies 
edge://flags/#cookies-without-same-site-must-be-secure
Change the value for both flags to DISABLE 


3. Downgrade Chrome to 78.0.4147.105 or earlier

4. Use another browser, such Firefox 

Important note when using load balancers:
The communication between client and balancer, and the communication between balancer and nodes should all be done https.