https://www.growthbook.io/ logo
f

full-planet-54859

09/09/2021, 4:52 PM
Hi, i'm trying to use the visual editor to change some text that appears dynamically on our calculator result but the component times out in the editor mode and means i can't change the text
f

fresh-football-47124

09/09/2021, 4:52 PM
Hi Eddie
is there anything in the console?
f

full-planet-54859

09/09/2021, 4:54 PM
f

future-teacher-7046

09/09/2021, 4:56 PM
The editor loads your site in an iframe. It's possible that is causing the API request to your back-end to fail. I'll take a look and see if I can see anything
f

full-planet-54859

09/09/2021, 4:57 PM
I see, it works in Optimize if thats any help...
f

future-teacher-7046

09/09/2021, 4:59 PM
In addition to the 422 response, your API is showing this error:
f

full-planet-54859

09/09/2021, 4:59 PM
@plain-lizard-13513 ^
p

plain-lizard-13513

09/09/2021, 5:03 PM
👋 - not sure whats being sent through. The endpoint is generally working though, as we get thousands of requests a day on it
f

future-teacher-7046

09/09/2021, 5:06 PM
The origin for the api request is https://tembomoney.com but it's fired from within an iframe hosted on https://app.growthbook.io. I'm guessing your server doesn't like something about that and is rejecting the request. Any way to see the server logs to see if there's a more informative error message?
I think it might be cookie related. When I load your site in it's own tab, it sends cookies along with the request. But when it's loading within an iframe, it does not send cookies. I'm guessing your API is rejecting the request because it doesn't have the
_tembo_session
cookie
Looking further, I think this is related to SameSite cookies. Since the api host doesn't match the domain in the address bar (app.growthbook.io), then it's treated as a Cross-Site request and does not include SameSite cookies. The browsers recently changed the default setting from
SameSite:none
to
SameSite:lax
which is causing this to break
Unfortunately, there's no great workaround at the moment. You either have to disable this new browser behavior or use an old browser version, both of which can open security holes so it's not recommended