Google-chrome – Cross-site resource at was set without the `SameSite` attribute .NET

cookiesgoogle-chromesamesite

How to solve SameSite attribute?

:1 A cookie associated with a cross-site resource at http://doubleclick.net/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

same for google.com, linkedin, facebook.com, twitter.com. etc

Unable to add 'Samesite' attributes. What will be the best way to get this solve?

Best Answer

The reason why you are getting this warning is because you are using an external resource (like an image). In my case, I copied an image URL/Address online and included it into my project. I didn't save it in a folder, so I got that warning.

The way I solved it is simple: I just said it: download whatever file you are trying to access locally and that warning will disappear.

Hope this helps

Related Solutions

Php – How to fix “set SameSite cookie to none” warning

I'm also in a "trial and error" for that, but this answer from Google Chrome Labs' Github helped me a little. I defined it into my main file and it worked - well, for only one third-party domain. Still making tests, but I'm eager to update this answer with a better solution :)

EDIT: I'm using PHP 7.4 now, and this syntax is working good (Sept 2020):

$cookie_options = array(
  'expires' => time() + 60*60*24*30,
  'path' => '/',
  'domain' => '.domain.com', // leading dot for compatibility or use subdomain
  'secure' => true, // or false
  'httponly' => false, // or false
  'samesite' => 'None' // None || Lax || Strict
);

setcookie('cors-cookie', 'my-site-cookie', $cookie_options);

If you have PHP 7.2 or lower (as Robert's answered below):

setcookie('key', 'value', time()+(7*24*3600), "/; SameSite=None; Secure");

If your host is already updated to PHP 7.3, you can use (thanks to Mahn's comment):

setcookie('cookieName', 'cookieValue', [
  'expires' => time()+(7*24*3600,
  'path' => '/',
  'domain' => 'domain.com',
  'samesite' => 'None',
  'secure' => true,
  'httponly' => true
]);

Another thing you can try to check the cookies, is to enable the flag below, which—in their own words—"will add console warning messages for every single cookie potentially affected by this change":

chrome://flags/#cookie-deprecation-messages

See the whole code at: https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md, they have the code for same-site-cookies too.

Google-chrome – Chrome Console SameSite Cookie Attribute Warning

This is something that the third-party cookie setters (like Stripe) need to handle on their end.

I reached out to Stripe because I was getting this message for Stripe payments.

Stripe support response:

It looks like we're already tracking this internally as this warning comes from Stripe.js, not from react-stripe-elements. For now this is a warning and won't affect payments, and we're working on a fix which will eliminate this message and be compatible with Chrome's upcoming cookie-handling changes.

(Me) So, it's all on your end? I don't need to do anything?

No, this is something we have to get worked out on our end.

Oh, if you're a developer at Stripe/Facebook/Pinterest/so-forth, this answer won't work for you ;)

Best Answer

Related Solutions

Php – How to fix “set SameSite cookie to none” warning

Google-chrome – Chrome Console SameSite Cookie Attribute Warning

Related Topic