Hi @michael_hindley,
The cookies concerned come from auth0.com
and is a server concern. There is nothing that the SDK can do to change this.
We have already changed the server side to set the samesite
attribute accordingly - if you inspect the network tab, you should see the auth0
cookie come down with samesite
set to None
in Chrome. I can verify that I’m getting the warning too, yet cookies seem to be set OK and everything still works. What we can’t understand is why Chrome is still showing the warning but everything still seems to work.
If you are still concerned, please try the following:
- Inspect the actual cookie attributes and verify whether the
samesite
attribute is being set correctly - Enable the samesite flags in Chrome, or download the Canary release of Chrome (which has the flags set by default) and verify that calls to
getTokenSilently()
still work
If you are concerned that something isn’t working properly as it should, let me know.