Cookie SameSite issue?

edwardsmarkf · December 6, 2019, 6:43pm

I am seeing this warning in my console (below). is this something that will be addressed soon? Supposedly when Chrome-80 comes out in February, this rule will be enforced, although I just tried on Chrome-80 and i get the same warning message.

A cookie associated with a resource at http://google.com/ was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details athttps://www.chromestatus.com/feature/5633521622188032./signin/oauth/oauthchooseaccount?client_id=81362834256tsbtlpumgfo247h5mmrhlij5qs9aat.apps.googleusercontent.com&as=LOLwFmHCE544v_60IouhBg&destination=https%3A%2F%2Fdev-y-wc5m4m.auth0.com&approval_state=!ChRvbE4xNVNPcFdFbjZSbWRlMVhVTxIfSTlVZUlmRDhaTmNTSU5vbEVpbVNxcUhGYXlMSTdSWQ%E2%88%99AJDr988AAAAAXevxy30diECj9yoiCNn4ZueGcbfHm9Xe&oauthgdpr=1&xsrfsig=ChkAeAh8Tz7DtPdzbtQ2GjSwlmDf6ZjP5T3UEg5hcHByb3ZhbF9zdGF0ZRILZGVzdGluYXRpb24SBXNvYWN1Eg9vYXV0aHJpc2t5c2NvcGU&flowName=GeneralOAuthFlow:1

A cookie associated with a cross-site resource at http://youtube.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at Chrome Platform Status and https://www.chromestatus.com/feature/5633521622188032./signin/oauth/oauthchooseaccount?client_id=81362834256-thtsbtlpumgfo247h5mmrhlij5qs9aat.apps.googleusercontent.com&as=LOLwFmHCE544v_60IouhBg&destination=https%3A%2F%2Fdev-y-wc5m4m.auth0.com&approval_state=!ChRvbE4xNVNPcFdFbjZSbWRlMVhVTxIfSTlVZUlmRDhaTmNTSU5vbEVpbVNxcUhGYXlMSTdSWQ∙AJDr988AAAAAXevxy30diECj9yoiCNn4ZueGcbfHm9Xe&oauthgdpr=1&xsrfsig=ChkAeAh8Tz7DtPdzbtQ2GjSwlmDf6ZjP5T3UEg5hcHByb3ZhbF9zdGF0ZRILZGVzdGluYXRpb24SBXNvYWN1Eg9vYXV0aHJpc2t5c2NvcGU&flowName=GeneralOAuthFlow:1

A cookie associated with a cross-site resource at https://youtube.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at Chrome Platform Status and Chrome Platform Status.

mauricio · December 6, 2019, 7:28pm

Hey @edwardsmarkf,

We recently posted this article in our blog: Upcoming Browser Behavior Changes: What Developers Need to Know

We’ll be updating our SDKs to address the upcoming SameSite cookie changes prior to them being enforced.

system · December 21, 2019, 7:28pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.