A cookie associated with a cross-site resource at http://auth0.com/ was set without the `SameSite` attribute

Hi @tim6,

Yeah, that would only work for your browser. You need to make sure you are using the latest version of the SDKs to remove warnings.

auth0-spa-js: we are now in version 1.8

Can you please confirm that you have:

  • Set your application to use sameSite=none if it uses response_mode=form_post when interacting with Auth0 (note that Chrome makes no exceptions, even for localhost)
  • Set your cookie as secure if its sameSite attribute equals None, otherwise it will be rejected by the browser. If you use HTTP for your Callback URLs, these will break if you use such cookies for binding the authorization request state/nonce. Therefore, you must either use HTTPS or set sameSite=lax.
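
The two rules in the list above, written as a check you can run against your own `Set-Cookie` headers. This is an added example, not part of the original post and not Auth0 SDK code; the helper names (`parseSetCookie`, `auditSetCookie`, `stateCookieAttributes`) and the sample headers are constructed for illustration, and choosing `Lax` for non-`form_post` flows is this example's assumption.

```javascript
// Hypothetical helpers (not Auth0 SDK API). Parse one Set-Cookie header value
// into { name, attrs }, with attribute names lowercased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const eq = part.indexOf('=');
    const key = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    attrs[key] = eq === -1 ? true : part.slice(eq + 1).trim();
  }
  return { name: pair.split('=')[0], attrs };
}

// Report the two conditions from the post: a cookie with no SameSite attribute
// (the browser warning) and SameSite=None without Secure (rejected by the browser).
function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite =
    typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : null;
  const findings = [];
  if (sameSite === null) findings.push(`${name}: no SameSite attribute`);
  if (sameSite === 'none' && attrs.secure !== true) {
    findings.push(`${name}: SameSite=None without Secure`);
  }
  return findings;
}

// Choose attributes for the state/nonce cookie from the callback URL and response_mode.
// form_post needs SameSite=None, and None needs Secure, so it requires an HTTPS callback.
function stateCookieAttributes(callbackUrl, responseMode) {
  const https = new URL(callbackUrl).protocol === 'https:';
  if (responseMode === 'form_post') {
    if (!https) {
      throw new Error('form_post needs SameSite=None; Secure, so use an HTTPS callback URL');
    }
    return { sameSite: 'None', secure: true };
  }
  // Assumption of this example: other response modes use Lax, which also works over HTTP.
  return { sameSite: 'Lax', secure: https };
}

// Constructed sample headers.
console.log(auditSetCookie('auth_state=abc123; Path=/; HttpOnly'));
console.log(auditSetCookie('auth_state=abc123; Path=/; SameSite=None'));
console.log(auditSetCookie('auth_state=abc123; Path=/; Secure; SameSite=None'));
```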