SameSite
Common Warnings
As more browsers adopt the SameSite attribute, they have been displaying warnings and other messages to let developers know of the changes and that they should start implementing it. Below are some of the common warnings you may run into.
SameSite attribute:
SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application > Storage > Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032
This warning will show up in Chrome DevTools if your site does not return the SameSite cookie attribute. If you have not already set it up, you should do it as soon as possible.
To fix this, your cookies should look like the following:
Set-Cookie: color=blue; SameSite=Lax
SameSite=None but missing Secure:
This error will show up if you set the SameSite attribute to None but did not add the Secure flag to the cookie.
To fix this, your cookies should look like the following:
Set-Cookie: color=green; SameSite=None; Secure
SameSite:
This warning will show up if you do not include the SameSite attribute, in which case some browsers may add SameSite=Lax by default. You should set the attribute on the server side to fit your needs.
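The conditions behind the warnings above can be checked on the server side before a browser reports them. The following is an added example, not part of the original page: a small JavaScript auditor that classifies Set-Cookie header values. The function names, status labels and the sample headers other than the two shown above are constructed for illustration.

```javascript
// Added example; the sample headers are constructed for illustration.
const SAMPLE_HEADERS = [
  "color=blue; SameSite=Lax",
  "color=green; SameSite=None; Secure",
  "session=abc123; Path=/; HttpOnly",
  "tracker=xyz; SameSite=None",
  "pref=1; samesite=none; secure",
];

// Parse one Set-Cookie header value into a cookie name and an attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attributes = new Map();
  for (const attr of attrs) {
    if (attr === "") continue;
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive; flags such as Secure carry no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes.set(key, i === -1 ? "" : attr.slice(i + 1).trim());
  }
  return { name, attributes };
}

// Classify one cookie against the warnings described above.
function auditSameSite(header) {
  const { name, attributes } = parseSetCookie(header);
  if (!attributes.has("samesite")) {
    // No attribute sent: some browsers may apply SameSite=Lax by default.
    return { name, status: "missing-samesite" };
  }
  const sameSite = attributes.get("samesite").toLowerCase();
  if (!["strict", "lax", "none"].includes(sameSite)) {
    return { name, status: "invalid-samesite" };
  }
  if (sameSite === "none" && !attributes.has("secure")) {
    return { name, status: "none-without-secure" };
  }
  return { name, status: "ok" };
}

// Return only the cookies that would trigger a warning.
function findProblems(headers) {
  return headers.map(auditSameSite).filter((r) => r.status !== "ok");
}

console.log(findProblems(SAMPLE_HEADERS));
```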