Knack Embed Forcing login on separate popup screen

I have noticed a new issue occuring with my apps when embedding them into my websites. The issue is that the login screen has now dissapeared and each app has a “Login” button that when pressed, redirects the user to the knack site where the app is live to login. Once logged in using this popup form, the app loads in the popup and will not load in the embedded site unless the user refreshes the page. I have a few example sites where this is occuring for testing purposes:

These sites are setup in various ways, a couple using wordpress and others a generic site builder so it is odd that the issue is occuring on all sites.

I have logged this with support who suggest it is a third party cookie issue, however I have all third party cookies enabled for each site in different browsers and the same issue is reproduced on chrome, edge, firefox and brave browsers.

Has anyone else been experiencing the same issues and if so, any solutions?

Yes we’ve noticed this too and checking the User settings as we speak on that app…

I have tried to replicate the issue or even creat different apps from scratch with the bare bones to try and not replicate the issue and it unfortunately occurs every time on every app creation. Not sure of the solution. Support suggested it was a third party cookie block on browsers but even with this enabled on browser level, the issue remains.

Switching to Tokens in the Embedded Login Security for User Logins did the trick for our app.

I was also advised to do this by Support however tokens have comprosmised security which is a risk for the app.

This article on Knack provides some further info on this: Embedded Login Security Settings.

What I am unable to understand is why this changed about 2 weeks ago. We previously had the user login page visible on the embedded site however this changed about 2 weeks ago where the login screen moved to a button and popup window. Logging in on the popup window loads the app in the popup window and is not white labelled which defeates the purpose of embedding in our case.

Using tokens allows the login screen on the embedded app page however has vulnerabilities which compromise security.


This is happening on my app as well. It was a change about a week or two back and it’s definitely something that Knack pushed through in an update. It would be helpful if they sorted it out quickly as it provides a severely diminished user experience for my clients.

Is there any update on this from Knack or are we all waiting another 3 weeks for this bug to get fixed?

Unfortunately still nothing. I have not heard back from tech support other than to say it is a third party cookies issue at browser level. I have all third party cookies enabled on all browsers for, the host IP, host domain, google, amazon AWS and anything else I can find that might have a third party cookie associated with the app and nothing changes.

It is very dissapointing that this is not getting the attention it needs.

1 Like

The last response was deleted for use of abusive language, which is in violation of the community guidelines.

Hi Ali! Kat here. I’m discussing this matter with our product, engineering, and security heads right now. Support has been advocating for this to be addressed. I will continue to make some noise until we get a resolution.


Hi @Kat hoping to hear some updates about where this is at? It has been some time and still the same behaviour observed.

We too are experiencing this with our embedded apps. It would be great to see a resolution, as some are customer facing, so we have similar concerns about the disjointed experience and loss of branding when kicked over to the knack domain.

Thanks for the link, very useful indeed!