Cookie SameSite issue?

I am seeing this warning in my console (below). is this something that will be addressed soon? Supposedly when Chrome-80 comes out in February, this rule will be enforced, although I just tried on Chrome-80 and i get the same warning message.

A cookie associated with a resource at http://google.com/ was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details athttps://www.chromestatus.com/feature/5633521622188032./signin/oauth/oauthchooseaccount?client_id=81362834256tsbtlpumgfo247h5mmrhlij5qs9aat.apps.googleusercontent.com&as=LOLwFmHCE544v_60IouhBg&destination=https%3A%2F%2Fdev-y-wc5m4m.auth0.com&approval_state=!ChRvbE4xNVNPcFdFbjZSbWRlMVhVTxIfSTlVZUlmRDhaTmNTSU5vbEVpbVNxcUhGYXlMSTdSWQ%E2%88%99AJDr988AAAAAXevxy30diECj9yoiCNn4ZueGcbfHm9Xe&oauthgdpr=1&xsrfsig=ChkAeAh8Tz7DtPdzbtQ2GjSwlmDf6ZjP5T3UEg5hcHByb3ZhbF9zdGF0ZRILZGVzdGluYXRpb24SBXNvYWN1Eg9vYXV0aHJpc2t5c2NvcGU&flowName=GeneralOAuthFlow:1

A cookie associated with a cross-site resource at http://youtube.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032./signin/oauth/oauthchooseaccount?client_id=81362834256-thtsbtlpumgfo247h5mmrhlij5qs9aat.apps.googleusercontent.com&as=LOLwFmHCE544v_60IouhBg&destination=https%3A%2F%2Fdev-y-wc5m4m.auth0.com&approval_state=!ChRvbE4xNVNPcFdFbjZSbWRlMVhVTxIfSTlVZUlmRDhaTmNTSU5vbEVpbVNxcUhGYXlMSTdSWQ∙AJDr988AAAAAXevxy30diECj9yoiCNn4ZueGcbfHm9Xe&oauthgdpr=1&xsrfsig=ChkAeAh8Tz7DtPdzbtQ2GjSwlmDf6ZjP5T3UEg5hcHByb3ZhbF9zdGF0ZRILZGVzdGluYXRpb24SBXNvYWN1Eg9vYXV0aHJpc2t5c2NvcGU&flowName=GeneralOAuthFlow:1

A cookie associated with a cross-site resource at https://youtube.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Hey @edwardsmarkf,

We recently posted this article in our blog: https://auth0.com/blog/browser-behavior-changes-what-developers-need-to-know/

We’ll be updating our SDKs to address the upcoming SameSite cookie changes prior to them being enforced.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.