Auth0 Home Blog Docs

Chrome: Warning message - SameSite cookie

Env:
Chrome: Version 77.0.3865.90 (Official Build) (64-bit)
OS: Debian 9 (64-bit)

Description:
Hi, after Chrome update, now we see this warning on the console.
There is a way to active the SameSite attribute when Auth0 instance is created?

A cookie associated with a cross-site resource at http://auth0.com/ was set without theSameSiteattribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set withSameSite=NoneandSecure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

8 Likes

+1, same here. Chrome Version 77.0.3865.90 (Official Build) (64-bit), Ubuntu 18.04 (64-bit)

Hi @andres and @bruno-caravelo,

Thanks for pointing this out. It looks like there are some other users experience it, let me see what I can find out.

Thanks,
Dan

8 Likes

Also having the same issue.

I found out that this warning is also causing tremendous slowness on my app as it seems Chrome is affecting the authentication flow.

I’m having the same issue. My team is new to auth0 and right now (in development) we’re not experiencing any negative effects, just a noisy console. I’m concerned about issues once we deploy.

@ejhalpin @tasktix @bruno-caravelo @andres

Hey everyone, I have an update on the warning.

It is a change to Chrome’s cookie protocol, scheduled to go live with Chrome 80 in Feb 2020. We are aware of the change in policy and are prepared for the Feb release.

Thanks,
Dan

From Chrome:

1 Like

Thanks @dan.woda! Yes, for now it is just a warning, although makes the console quite noisy. Do you have an ETA on the fix for this one?

2 Likes

@andres

I apologize, I don’t have any other information at this time. Filtering the warnings out would be all I can recommend.

2 Likes

I have the same issue and currently in my app I can’t sign in using Chrome Canary. (for standart Chrome it’s fine).

@avernikoz,

This would make sense as canary is likely requiring SameSite cookies, being a pre-beta build of chrome.