In Chrome Cookies Need To Have the SameSite Attribute Set

As of Chrome 78 my app now has 30+ warnings saying:

A cookie associated with a cross-site resource at <URL> was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure.

Is this something we can resolve in our app or is it up to the 3rd party packages to include this? I’m getting this message on regular client routes in Iron Router in my browser console.

The offending cookies are almost all from Google and Stripe.

If the cookies are from Google and Stripe, then it’s up to Google and Stripe to change the settings on their own cookies/servers, right?

Funny that Google isn’t compliant with a Chrome policy.

Maybe the cookies just haven’t reached expiry and been updated with the new setting?

Yeah, there’s a lot of chatter about how so many of the offending cookies are from Google. And Chrome 80, which was supposed to release today and finally enforce the warnings as errors, has been updated so that it won’t enforce this issue until February 17th, 2020.

Guess it’s on the vendors to update.

1 Like
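
Added example, not part of the thread and not Chrome's or any vendor's code: a small check that reads `Set-Cookie` header values and reports which ones fall under the rule quoted in the warning above (cross-site delivery only with `SameSite=None` and `Secure`). The header values and the function names (`parseSetCookie`, `crossSiteVerdict`, `needsChange`) are constructed for illustration.

```javascript
// Constructed Set-Cookie values, not taken from any real vendor.
const SAMPLE_HEADERS = [
  'sid=abc123; Path=/; HttpOnly',
  'widget=xyz; Path=/; SameSite=None; Secure',
  'tracker=42; SameSite=None',
  'session=s1; Secure; HttpOnly; SameSite=Lax',
];

// Pull out only the attributes the Chrome warning cares about.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq === -1 ? pair : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, ...rest] = attr.split('=');
    const k = key.trim().toLowerCase();
    if (k === 'secure') cookie.secure = true;
    if (k === 'samesite') cookie.sameSite = rest.join('=').trim().toLowerCase();
  }
  return cookie;
}

// How the cookie fares on cross-site requests (in the warning's sense)
// once the policy is enforced, and what its owner would have to change.
function crossSiteVerdict(header) {
  const c = parseSetCookie(header);
  const known = ['strict', 'lax', 'none'].includes(c.sameSite);
  if (!known) {
    // Assumption: an unrecognised value is handled like a missing attribute.
    return { name: c.name, crossSite: 'blocked', fix: 'add SameSite=None; Secure if cross-site use is intended' };
  }
  if (c.sameSite === 'none') {
    return c.secure
      ? { name: c.name, crossSite: 'delivered', fix: null }
      : { name: c.name, crossSite: 'blocked', fix: 'add Secure (SameSite=None requires it)' };
  }
  // Explicit Lax or Strict: the owner has opted out of cross-site delivery.
  return { name: c.name, crossSite: 'blocked', fix: null };
}

// Cookies whose owner still has to change the Set-Cookie header.
function needsChange(headers) {
  return headers.map(crossSiteVerdict).filter((v) => v.fix !== null);
}

console.log(needsChange(SAMPLE_HEADERS));
```

Only the server that sends a given `Set-Cookie` header can apply the fix, so for third-party cookies this is a way to see what the vendor still has to change; for cookies your own app sets, the same check applies to your own responses.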