To support users that block third-party cookies, prevent potential issues with custom functionality and code that use Salesforce session cookies to preview content, emails, products, and more while Salesforce updates those features for blocked third-party cookies by enabling the new My Domain setting, Allow cross-domain use of Salesforce cookies on the preview domain. This setting is enabled by default when My Domain setting Require first-party use of Salesforce cookies is enabled
Why: Chrome and other major web browsers block third-party cookies by default. Users can configure browsers to allow these cookies however, that practice can introduce security risks. Third parties can’t access Salesforce cookies directly. And when your Setup pages are served on the salesforce-setup.com domain, Classic pages can be loaded in Setup without an additional step. However, custom code or functionality that uses a Salesforce session cookie can still be affected when browsers block third-party cookies
How: To prevent third-party use of Salesforce cookies, from Setup, in the Quick Find box, enter My Domain, and then select My Domain. In the Routing and Policies section, click Edit. Enable Require first-party use of Salesforce cookies, and save your changes. Allow cross-domain use of Salesforce cookies on the preview domain setting allow features that use Lightning to frame the preview domain to work and is automatically enabled whenever the Require first-party use of Salesforce cookies setting is enabled
Important If the browser already blocks third-party cookies, both settings have no effect. Also, these settings only affect Salesforce cookies. To test calls from Salesforce that use a third-party cookie, including third-party applications embedded in Salesforce, disable third-party cookies in your browser
