#give-feedback
Title
f
full-planet-54859
09/09/2021, 4:52 PMHi, i'm trying to use the visual editor to change some text that appears dynamically on our calculator result but the component times out in the editor mode and means i can't change the text
f
fresh-football-47124
09/09/2021, 4:52 PM
Hi Eddie
is there anything in the console?
f
full-planet-54859
09/09/2021, 4:54 PMf
future-teacher-7046
09/09/2021, 4:56 PM
The editor loads your site in an iframe. It's possible that is causing the API request to your back-end to fail. I'll take a look and see if I can see anything
f
full-planet-54859
09/09/2021, 4:57 PMI see, it works in Optimize if thats any help...
f
future-teacher-7046
09/09/2021, 4:59 PM
In addition to the 422 response, your API is showing this error:
f
full-planet-54859
09/09/2021, 4:59 PM@plain-lizard-13513 ^
p
plain-lizard-13513
09/09/2021, 5:03 PM👋 - not sure whats being sent through. The endpoint is generally working though, as we get thousands of requests a day on it
f
future-teacher-7046
09/09/2021, 5:06 PM
The origin for the api request is https://tembomoney.com but it's fired from within an iframe hosted on https://app.growthbook.io. I'm guessing your server doesn't like something about that and is rejecting the request. Any way to see the server logs to see if there's a more informative error message?
I think it might be cookie related. When I load your site in it's own tab, it sends cookies along with the request. But when it's loading within an iframe, it does not send cookies. I'm guessing your API is rejecting the request because it doesn't have the
_tembo_sessionLooking further, I think this is related to SameSite cookies. Since the api host doesn't match the domain in the address bar (app.growthbook.io), then it's treated as a Cross-Site request and does not include SameSite cookies. The browsers recently changed the default setting from
SameSite:noneSameSite:laxUnfortunately, there's no great workaround at the moment. You either have to disable this new browser behavior or use an old browser version, both of which can open security holes so it's not recommended