SameSite warning Chrome 77
This console warning is not an error or an actual problem — Chrome is just spreading the word about this new standard to increase developer adoption.
It has nothing to do with your code. It is something their web servers will have to support.
Release date for a fix is February 4, 2020 per:
https://www.chromium.org/updates/same-site
February, 2020: Enforcement rollout for Chrome 80 Stable: The SameSite-by-default and SameSite=None-requires-Secure behaviors will begin rolling out to Chrome 80 Stable for an initial limited population starting the week of February 17, 2020, excluding the US President’s Day holiday on Monday. We will be closely monitoring and evaluating ecosystem impact from this initial limited phase through gradually increasing rollouts.
For the full Chrome release schedule, see here.
I solved same problem by adding in response header
response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");
SameSite
prevents the browser from sending the cookie along with cross-site requests. The main goal is mitigating the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks. Possible values for the flag are Lax or Strict.
SameSite cookies explained here
Please refer this before applying any option.
Find the cookie that causes Chrome's SameSite warning
We've put together a more in-depth debugging guide here:
https://www.chromium.org/updates/same-site/test-debug
As a tl;dr
- In the Network panel, select a request, go to the Cookies sub-tab, check the "show filtered out request cookies", and you can see each cookie along with the ones that were not included
- Capture a NetLog dump from Chrome and you can examine this in detail for the specific blocking events.
Why does Google Chrome not recognize my SameSite cookie?
SameSite is not a cookie value. It's a cookie flag, like httpOnly and secure. So you cannot set it like document.cookie="SameSite=strict"
, because that sets a value.
Try with
document.cookie="mycookie=myvalue;SameSite=strict"
You can then observe in Chrome DevTools on the Application tab under Cookies that your cookie is in fact set as SameSite=strict, as opposed to just a plain cookie.
Related Topics
How to Pause Setinterval() Functions
Accessing ASP.NET Controls Using Jquery (All Options)
Rails Include JavaScripts Assets Folder Recursively
How to Prevent Closing Browser Window
How to Bring a Circle to the Front with D3
JavaScript Read File Without Using Input
Understanding Promises in Node.Js
How to Set a JavaScript Object Values Dynamically
Browser-Independent Way to Detect When Image Has Been Loaded
How to Create Streams from String in Node.Js
Encrypting Data with Ruby Decrypting with Node
How to Serialize Dom Node to JSON Even If There Are Circular References
Adding/Removing Items from a JavaScript Object with Jquery
How to Intercept Xmlhttprequests from a Greasemonkey Script
Multiple, Sequential Fetch() Promise
How to Load Binary Image Data Using JavaScript and Xmlhttprequest