Notice for customers
Google continues to update Chrome web browser with additional security restrictions. Google is making these changes to improve browser privacy and security.
Chrome 8x changes
Blocked HTTP content/downloads on HTTPS pages
Google Chrome will soon begin blocking webpage content and downloads that are delivered through an unencrypted connection (i.e. HTTP) on pages using HTTPS. What this means for Coupa users is that customer-created content that isn't hosted by Coupa may not display properly or fail to download on secure Coupa pages.
Today, Google is providing users with a warning when it loads a webpage that contains both encrypted and unencrypted content. If you encounter this error, you'll need to move the affected content to a secured (HTTPS) hosting site.
The most common areas that may be affected in Coupa are images and links for your customized homepage content. Any content that's loaded into Coupa using a URL could be affected:
When users add attachments via a URL, Coupa doesn't make a copy of the attachment in the instance, but points to the hosted file. Because all Coupa pages use HTTPS, any links that don't utilize HTTPS will be blocked by Chrome.
Depending on the version of Chrome you're using, you may get a warning when trying to display/download some content, or the content may be blocked altogether.
iFrame pages and apps
Chrome version 80 and above handles 3rd-party cookies differently than previous versions and doesn't let users stay signed into your site. Now, when Chrome requests a URL that doesn't match the URL currently in the user’s address bar, the current site's cookies aren't sent with the request. This means that if the URL in your iFrame app doesn't match the URL in the address bar, your session won't be recognized in the iFrame app.
Because Coupa relies on your site session cookies to keep the user logged in, your site can't be signed into automatically. This behavior is beyond Coupa's control because one site can't modify the cookies created by another site.
We want to ensure that your team understands the impact of the Chrome 80 and above new handling of 3rd-party cookies, and we want to ensure that your team can update your services for your iFrame applications to allow the session cookie to be retained in 3rd-party contexts. To learn more about the new behavior, see https://web.dev/
Your IT should know how to use this information to update your site services for your iFrame application for Coupa. If not, please contact Coupa support.