Env: Chrome: Version 77.0.3865.90 (Official Build) (64-bit) OS: Debian 9 (64-bit) Description: Hi, after Chrome update, now we see this warning on the console. There is a way to active the SameSite attribute when Auth0 instance is created? A cookie associated with a cross-site resource at http…

We have an announcement about the roll out, please continue any conversation there: [image] SameSite cookie attribute changes are here! Announcements Cookies are changing cookie fast_forward. In an effort to increase security and avoid CSRF Attacks , changes to…

I’m having the same issue. My team is new to auth0 and right now (in development) we’re not experiencing any negative effects, just a noisy console. I’m concerned about issues once we deploy.

@ejhalpin @tasktix @bruno-caravelo @andres Hey everyone, I have an update on the warning. It is a change to Chrome’s cookie protocol, scheduled to go live with Chrome 80 in Feb 2020. We are aware of the change in policy and are prepared for the Feb release. Thanks, Dan From Chrome: https://www…

Thanks @dan.woda ! Yes, for now it is just a warning, although makes the console quite noisy. Do you have an ETA on the fix for this one?

@andres I apologize, I don’t have any other information at this time. Filtering the warnings out would be all I can recommend.

I have the same issue and currently in my app I can’t sign in using Chrome Canary. (for standart Chrome it’s fine).

@avernikoz , [image] avernikoz: I have the same issue and currently in my app I can’t sign in using Chrome Canary. (for standart Chrome it’s fine). This would make sense as canary is likely requiring SameSite cookies, being a pre-beta build of chrome.

If you have trouble in Chrome Canary, the SameSite behavior can be changed back to the old default by setting chrome://flags/#same-site-by-default-cookies to the value “Disabled”. This flag obviously won’t fix the underlying problem, but if you’re using Canary for development work, it’ll make your …

In incognito mode, Chrome Canary will block any third-party cookies regardless of the SameSite attribute. So your company.auth0.com domain must be explicitly whitelisted by adding it to the Allow list at chrome://settings/content/cookies

Chrome: Warning message - SameSite cookie

Get Help

dan.woda December 3, 2019, 5:39pm 25

We have an announcement about the roll out, please continue any conversation there:

Topic		Replies	Views
Auth0 Chrome SameSite issue Get Help lock	14	9645	August 26, 2020
SameSite attribute still not set in cookies after Authorization Extension update Get Help authorization	3	5759	March 10, 2020
Angular SDK Cookies - SameSite Get Help	2	6985	June 7, 2020
A cookie associated with a cross-site resource at http://auth0.com/ was set without the `SameSite` attribute Get Help	21	13458	October 2, 2020
Cookie SameSite issue? Get Help	2	4619	December 21, 2019

Chrome: Warning message - SameSite cookie

Related topics