Google-chrome – Chrome Console SameSite Cookie Attribute Warning

google-chromegoogle-chrome-devtoolsgoogle-chrome-extension

Is anybody else getting this Chrome console warning?

A cookie associated with a cross-site resource at was set
without the SameSite attribute. A future release of Chrome will only
deliver cookies with cross-site requests if they are set with
SameSite=None and Secure. You can review cookies in developer
tools under Application>Storage>Cookies and see more details at
and .

In Chrome Flags chrome://flags/ I've tried disabling both:

SameSite by default cookies
Cookies without SameSite must be secure

And the warning won't go away.

Best Answer

This is something that the third-party cookie setters (like Stripe) need to handle on their end.

I reached out to Stripe because I was getting this message for Stripe payments.

Stripe support response:

It looks like we're already tracking this internally as this warning comes from Stripe.js, not from react-stripe-elements. For now this is a warning and won't affect payments, and we're working on a fix which will eliminate this message and be compatible with Chrome's upcoming cookie-handling changes.

(Me) So, it's all on your end? I don't need to do anything?

No, this is something we have to get worked out on our end.

Oh, if you're a developer at Stripe/Facebook/Pinterest/so-forth, this answer won't work for you ;)

Related Solutions

Javascript – Disable same origin policy in Chrome

Close chrome (or chromium) and restart with the --disable-web-security argument. I just tested this and verified that I can access the contents of an iframe with src="http://google.com" embedded in a page served from "localhost" (tested under chromium 5 / ubuntu). For me the exact command was:

Note : Kill all chrome instances before running command

chromium-browser --disable-web-security --user-data-dir="[some directory here]"

The browser will warn you that "you are using an unsupported command line" when it first opens, which you can ignore.

From the chromium source:

// Don't enforce the same-origin policy. (Used by people testing their sites.)
const wchar_t kDisableWebSecurity[] = L"disable-web-security";

Before Chrome 48, you could just use:

chromium-browser --disable-web-security

Google-chrome – Disabling Chrome cache for website development

The Chrome DevTools can disable the cache.

Right-click and choose Inspect Element to open the DevTools. Or use one of the following keyboard shortcuts:

F12
Control+Shift+i
Command+Shift+i

Click Network in the toolbar to open the network pane.
Check the Disable cache checkbox at the top.

screenshot of development tools panel

Keep in mind, as a tweet from @ChromiumDev stated, this setting is only active while the devtools are open.

Note that this will result in all resources being reloaded. Should you desire to disable the cache only for some resources, you can modify the HTTP header that your server sends alongside your files.

If you do not want to use the Disable cache checkbox, a long press on the refresh button with the DevTools open will show a menu with the options to Hard Reload or Empty Cache and Hard Reload which should have a similar effect. Read about the difference between the options to know which option to choose. The following shortcuts are available:

Command+Option+R on Mac
Control+Shift+R on Windows or Linux

long press

Best Answer

Related Solutions

Javascript – Disable same origin policy in Chrome

Google-chrome – Disabling Chrome cache for website development

Related Topic