SameSite warning Chrome 77

This console warning is not an error or an actual problem — Chrome is just spreading the word about this new standard to increase developer adoption.

It has nothing to do with your code. It is something their web servers will have to support.

Release date for a fix is February 4, 2020 per:
https://www.chromium.org/updates/same-site

February, 2020: Enforcement rollout for Chrome 80 Stable: The SameSite-by-default and SameSite=None-requires-Secure behaviors will begin rolling out to Chrome 80 Stable for an initial limited population starting the week of February 17, 2020, excluding the US President’s Day holiday on Monday. We will be closely monitoring and evaluating ecosystem impact from this initial limited phase through gradually increasing rollouts.

For the full Chrome release schedule, see here.

I solved same problem by adding in response header

// A Set-Cookie value needs a name=value pair before the attributes;
// "sessionid=abc123" below is a placeholder cookie.
response.setHeader("Set-Cookie", "sessionid=abc123; HttpOnly; Secure; SameSite=Strict");

SameSite prevents the browser from sending the cookie along with cross-site requests. The main goal is mitigating the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks. Possible values for the flag are Lax or Strict.

SameSite cookies explained here

Please refer to this before applying any option.
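A complete version of the header-building step, as an added example that is not part of the answer above: a small Node-style helper that always emits a name=value pair, checks the name and value against the RFC 6265 character rules (so an attacker-controlled value cannot smuggle in "; Domain=..." or a second header line), and enforces the Chrome 80 rule that SameSite=None must also be Secure. The function names buildSetCookie and setSessionCookie, the option names, and the sessionid cookie are assumptions for illustration.

```javascript
// Added example, not the answer's code. buildSetCookie and its option
// names are illustrative; "sessionid" is a placeholder cookie name.

// RFC 6265: cookie-name is an HTTP token; cookie-value is made of cookie-octets
// (no controls, whitespace, double quote, comma, semicolon or backslash).
const NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const VALUE_RE = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;
// path-value may not contain controls or ";"
const PATH_RE = /^[^\x00-\x1f\x7f;]*$/;
const SAME_SITE_VALUES = ["Strict", "Lax", "None"];

function buildSetCookie(name, value, opts = {}) {
  const { sameSite = "Lax", secure = true, httpOnly = true, path = "/", maxAge } = opts;

  // Reject anything that could inject extra attributes (e.g. "x; Domain=evil")
  // or extra header lines (CR/LF) into the response.
  if (!NAME_RE.test(name)) throw new Error(`invalid cookie name: ${JSON.stringify(name)}`);
  if (!VALUE_RE.test(value)) throw new Error(`invalid cookie value: ${JSON.stringify(value)}`);
  if (!PATH_RE.test(path)) throw new Error(`invalid Path: ${JSON.stringify(path)}`);

  // Accept any casing on input but emit the canonical spelling.
  const canonical = SAME_SITE_VALUES.find(v => v.toLowerCase() === String(sameSite).toLowerCase());
  if (!canonical) throw new Error(`invalid SameSite value: ${sameSite}`);
  // Chrome 80+ drops a SameSite=None cookie that is not also Secure.
  if (canonical === "None" && !secure) throw new Error("SameSite=None requires Secure");
  if (maxAge !== undefined && !Number.isInteger(maxAge)) throw new Error("Max-Age must be an integer");

  const parts = [`${name}=${value}`, `Path=${path}`];
  if (maxAge !== undefined) parts.push(`Max-Age=${maxAge}`);
  if (secure) parts.push("Secure");
  if (httpOnly) parts.push("HttpOnly");
  parts.push(`SameSite=${canonical}`);
  return parts.join("; ");
}

// How a request handler would use it; res is any object with setHeader,
// such as Node's http.ServerResponse. Returns the header value for inspection.
function setSessionCookie(res, sessionId) {
  const header = buildSetCookie("sessionid", sessionId, { sameSite: "Strict" });
  res.setHeader("Set-Cookie", header);
  return header;
}
```

The validation regexes are the point here: a cookie value that bypasses them is how "cookie attribute injection" happens, and a value containing CR/LF is how a second response header gets injected on servers that do not validate header values themselves.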

Find the cookie that causes Chrome's SameSite warning

We've put together a more in-depth debugging guide here:
https://www.chromium.org/updates/same-site/test-debug

As a tl;dr

  1. In the Network panel, select a request, go to the Cookies sub-tab, check the "show filtered out request cookies", and you can see each cookie along with the ones that were not included
  2. Capture a NetLog dump from Chrome and you can examine this in detail for the specific blocking events.

Why does Google Chrome not recognize my SameSite cookie?

SameSite is not a cookie value. It's a cookie flag, like httpOnly and secure. So you cannot set it like document.cookie="SameSite=strict", because that sets a value.

Try with

document.cookie="mycookie=myvalue;SameSite=strict"

You can then observe in Chrome DevTools on the Application tab under Cookies that your cookie is in fact set as SameSite=strict, as opposed to just a plain cookie.
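To make the distinction in the answer concrete, here is an added example (not the answer's code) that parses a set-cookie-string the way RFC 6265 section 5.2 describes: the first semicolon-separated piece is the name=value pair and everything after it is attributes. Feeding it "SameSite=strict" yields a cookie named SameSite with no SameSite attribute at all, which is exactly why Chrome did not recognise it. The second function applies the Chrome 80 defaults quoted earlier on this page (no attribute is treated as Lax, None without Secure is rejected). The function names parseSetCookie, effectiveSameSite and explain are assumptions.

```javascript
// Added example, not from the answer. parseSetCookie, effectiveSameSite and
// explain are illustrative names; the parsing follows RFC 6265 section 5.2.

const KNOWN_ATTRIBUTES = new Set(["expires", "max-age", "domain", "path", "secure", "httponly", "samesite"]);

// Turn a set-cookie-string (a Set-Cookie header value or a document.cookie
// assignment) into { name, value, attributes }. Returns null when there is no
// name=value pair or the name is empty, which RFC 6265 says to ignore.
function parseSetCookie(str) {
  const [nameValue, ...attrParts] = str.split(";");
  const eq = nameValue.indexOf("=");
  if (eq === -1) return null;
  const name = nameValue.slice(0, eq).trim();
  const value = nameValue.slice(eq + 1).trim();
  if (name === "") return null;
  const attributes = {};
  for (const part of attrParts) {
    const i = part.indexOf("=");
    const attrName = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    const attrValue = i === -1 ? "" : part.slice(i + 1).trim();
    // Unknown attributes are silently ignored, so a typo like "SameSit=Strict" is lost.
    if (!KNOWN_ATTRIBUTES.has(attrName)) continue;
    attributes[attrName] = attrValue;
  }
  return { name, value, attributes };
}

// Apply the Chrome 80 rules quoted on this page: no SameSite attribute is treated
// as Lax, SameSite=None is dropped unless Secure is present, and an unrecognised
// value falls back to the default.
function effectiveSameSite(cookie) {
  const raw = cookie.attributes.samesite;
  if (raw === undefined) return "default-Lax";
  const secure = "secure" in cookie.attributes;
  switch (raw.toLowerCase()) {
    case "strict": return "Strict";
    case "lax": return "Lax";
    case "none": return secure ? "None" : "rejected";
    default: return "default-Lax";
  }
}

// Human-readable summary for the two strings discussed in the answer.
function explain(str) {
  const c = parseSetCookie(str);
  if (c === null) return `${JSON.stringify(str)}: ignored, no name=value pair`;
  return `${JSON.stringify(str)}: name=${c.name} value=${c.value} samesite=${effectiveSameSite(c)}`;
}

console.log(explain("SameSite=strict"));
console.log(explain("mycookie=myvalue;SameSite=strict"));
```

One caveat when reading the "default-Lax" result: Chrome's Lax-by-default treatment has a "Lax+POST" exception that still sends a cookie with no SameSite attribute on top-level cross-site POSTs for a short time after it is set, so relying on the default is not equivalent to writing SameSite=Lax explicitly.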
