@lily.wisecarver I’m on auth0-spa-js 1.11.0 and and @auth0/auth0-react 1.0.0 using the standard Auth0Provider authenticating to a React SPA and an API.
A cookie associated with a cross-site resource at http://auth0.com/ was set without the
SameSiteattribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set withSameSite=NoneandSecure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at Chrome Platform Status and Chrome Platform Status.
The message is also duplicated for my own domain.
Can’t find any application settings for sameSite in the Dashboard or as a parameter to the Auth0Provider component, or to the Auth0 JS Client.