I had this issue, was very distracted by it, but ultimately resolved it by reading and understanding this:
My assumption is that, like me, those of you having this issue (a) see it exclusively in your local dev environment, and (b) your local server is not using HTTPS (in which case, no problem) —OR you are seeing the message in production because your server isn’t using HTTPS. (In which case, say thanks for the warning and fix that!)
This isn’t a bug; things are working as designed.
If you are not using HTTPS in production, the warning is doing you a favor. Enable HTTPS!
In my case, I was seeing these warnings in my local dev environment and was distracted and concerned by them.
I am going to trust that this will be fully resolved by the time the policy goes into effect.
So—what did I do to solve this for myself?
For my own diligence, I verified the problem does not exist in production where I am running HTTPS. (It doesn’t.)
Then I went into chrome://flags and disabled Cookie Deprecation messages.
Non-problem “problem” solved.
Hope that helps!
P.S. My recommendation to Auth0 would be:
Create an addition to docs regarding the SameSite warning being caused by local HTTP rather than HTTPS and in that doc:
- Provide some assurance that this is almost certainly not something people will see in production.
- Educate Auth0 users about what will be expected from local environments when the policy goes into effect.
- Advise that if they find the messages distracting, the best course of action is to disable the deprecation warning.