Comments (13)
The cookies triggering the warning are coming from google.com so you will not be able to alter them. The Ads team is aware of these issues and is working to get their cookies fixed before the Feb 2020 stable date. It also means that none of the header directives you're specifying will affect the google.com cookie, it will only cover cookies set for your site.
If you have any cookie warnings that specifically list a domain you control, then you will need to add the correct attributes.
That said - I'll leave this open because I should get some Apache examples in to show transforming cookies.
from samesite-examples.
I did a lot of reading on the SameSite warnings and somehow the basics had eluded me. The clarity you've given will help me authoritatively explain the warnings to my client. Thank you so much for this answer!
from samesite-examples.
Why is the name of the Cookie not included in the message? A cookie associated with a cross-site... is very obscure. Why not write The cookie "auth0_compat" associated with a cross-site.... Currently I get the SameSite warning and I just cannot find the cookie that it refers to (yes, I read the debugging about SameSite changes).
from samesite-examples.
Now that Chrome 80 is being rolled out is there any update as to when Google are going to fix the adwords tracking?
from samesite-examples.
Is there anyone we can contact to get an update re Google Adwords team rolling out the changes on their side?
from samesite-examples.
Google's cookies should generally be fixed now. You will still see warnings as:
- some cookies that are only for 1P usage may not have been updated, so they will be restricted without impacting functionality
- some cookies that are for 3P usage may not include the SameSite attribute for compatibility reasons with old browsers
- your browser may still have cookies that have not been updated
To reduce noise, I suggest testing in an incognito session ensuring that you only visit the site under test to reduce the amount of extra cookies in the browser.
However, be aware that you may still see warnings for blocked cookies that are not affecting the behaviour of the site.
In the example screenshot above the error is related to a Content-Security Policy directive. In this case, I would investigate how the Facebook functionality you are using is being embedded in the page.
from samesite-examples.
Based on the Chromium SameSite updates page, I believe the SameSite behavior won't be rolled out until Feb 17.
from samesite-examples.
My OpenCart 2.3 also seems to have the same problem with SameSite, but based on your discussion, I still don't know how to solve this problem.
Can anyone tell me what to do?
For my payment gateway and Facebook Message module, there are related warning messages and they do not work correctly:
When I remove Facebook messages, the screen displayed by Google Chrome:
Can you tell me how to fix it step by step?
Thank you!
from samesite-examples.
using google analytics in a chrome extension
    static setup() {
      (function(i, s, o, g, r, a, m) {
        i['GoogleAnalyticsObject'] = r;
        (i[r] =
          i[r] ||
          function() {
            (i[r].q = i[r].q || []).push(arguments);
          }),
          (i[r].l = 1 * new Date());
        (a = s.createElement(o)), (m = s.getElementsByTagName(o)[0]);
        a.async = 1;
        a.src = g;
        m.parentNode.insertBefore(a, m);
      })(
        window,
        document,
        'script',
        'https://www.google-analytics.com/analytics.js',
        'ga'
      ); // Note: https protocol here
      ga('create', google_analitycs_token, 'auto'); // Enter your GA identifier
      ga('set', 'checkProtocolTask', function() {}); // Removes failing protocol check. @see: http://stackoverflow.com/a/22152353/1958200
    }
Chrome version:
Google Chrome is up to date
Version 80.0.3987.162 (Official Build) (64-bit)
When loading the extension getting "ERROR" mark:
which is this warning:
A cookie associated with a cross-site resource at http://google.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
The warning itself is not an issue, however, getting an ERROR flag due to this, is an issue. This cookie setting should have been fixed with version 80? Still, work in progress?
from samesite-examples.
Thanks for your reply!
In fact, I have very limited information, I can only provide how to reproduce the environment that may cause this.
Can you use the test account I provided to test the checkout process?
My test steps:
Enter in the URL column of Chrome: chrome://flags/ and search "SameSite"
Enable the following experiments:
SameSite by default cookies
Cookies without SameSite must be secure
Product link to test the checkout process:
https://www.tylee.tw/?route=product/product&product_id=10008
Email address: [email protected]
Password: ZtU1YoRnQzwfp5ojNoVK
Please select the same payment and shipping method:
Please select the same payment method: ATM(僅限台灣地區使用)
Please select any store and click [確認]
Please select any bank name and click [取得繳費帳號]:
Please click this button: [返回商店]
Can you test if all the checkout processes have been fixed for me?
This is My Facebook message code information, I also temporarily restored this code:
Copy/Paste this code into the or tag of your website (same as your Google Analytics code).
<script async src="//static.zotabox.com/8/2/82bb83cfadf95ad1f9045a684ad591f1/widgets.js"></script>
Step 1: Refresh website browser after embedding code.
Step 2: Turn on tool and refresh browser again (Ctrl+F5).
Dear Sir, Can you help me test?
Thank you!
from samesite-examples.
Has there been any movement on this issue. I'm managing GTMs for an advertising firm that is seeing this same issue across dozens of websites.
Using Google Tag Assistant we see: An error occured while the tag was fired: net::ERR_ABORTED.
In the Chrome inspector we get: "A cookie associated with a cross-site resource at http://google.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032."
We've been in touch with support at Google Ads, they cannot help. Our tags are valid html.
Another tell is that using "#google-wcc-force" no longer works as a debug tool. If you click "force" you can see the tag rewrite the phone numbers.
here is one such webpage you can see the issue:
https://www.cosselawfirm.com/
Thanks,
Shawn
from samesite-examples.
I am facing an error in Chrome (after logging in to the page by providing username and password it's allowing, but when we sign out of the page and refresh the login page it's not asking for the credentials, it's logging in to the page directly without asking for the credentials). Can someone please help on how to overcome this situation? I tried the below scenarios but it's not working.
1 trial:
# 1. Add SameSite=None and Secure if no SameSite already.
Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP
2 trial:
# 1. Add SameSite=None and Secure if no SameSite already.
Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure"
3 Trial:
# 1. Add SameSite=None and Secure if no SameSite already.
Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP
Header onsuccess edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP
1 trial:
# 1. Add SameSite=None and Secure if no SameSite already.
Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=SAMESITE_SKIP
2 trial:
# 1. Add SameSite=None and Secure if no SameSite already.
Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure"
3 Trial:
# 1. Add SameSite=None and Secure if no SameSite already.
Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=SAMESITE_SKIP
Header onsuccess edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=SAMESITE_SKIP
from samesite-examples.
My client's website is getting these SameSite cookie warnings in Chrome. The cookies are due to Google Ad Conversion Tracking on a Wordpress Site. The site is on an Apache/2.4.7 (Ubuntu) hosted by DreamHost running PHP 7.1, always running on https. To my .htaccess file, I've tried adding:
Header always edit Set-Cookie (.*) "$1; SameSite=Lax"
and I tried
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
...and I tried
Header always edit Set-Cookie (.*) "$1; SameSite=None;Secure"
as well as many other combinations.
I've tried your code for PHP 7.2 and below as shown on this website:
header('Set-Cookie: cross-site-cookie=bar; SameSite=None; Secure');
Could we get some clarity on where this code should go? And perhaps a real working example? Does it go in an .htaccess file or in php.ini, or where in the php code should it be called? Also, it's not clear what should be used for the "name" in your example code, or if I even need to change that value, as the dev tools show over 10 cookie names associated with the google address.
Here's the warning I'm getting in the Chrome Console:
(index):1 A cookie associated with a resource at http://google.com/ was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.
This site is hosted on IBMHTTPserver and the below changes are done in the httpd.conf file. The issue is we logged in to the client page; when we sign out from that page it's getting signed out from that page. But when we refresh the page the credentials are taken automatically; credentials have to be asked. But in IE it's working fine. Could you please help me on this?
1 trial:
# 1. Add SameSite=None and Secure if no SameSite already.
Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP
2 trial:
# 1. Add SameSite=None and Secure if no SameSite already.
Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure"
3 Trial:
# 1. Add SameSite=None and Secure if no SameSite already.
Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP
Header onsuccess edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP
1 trial:
# 1. Add SameSite=None and Secure if no SameSite already.
Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=SAMESITE_SKIP
2 trial:
# 1. Add SameSite=None and Secure if no SameSite already.
Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure"
3 Trial:
# 1. Add SameSite=None and Secure if no SameSite already.
Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=SAMESITE_SKIP
Header onsuccess edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=SAMESITE_SKIP
Trial 1:
# 2. Remove duplicate SECURE flag (this keeps the above regex simpler)
Header always edit Set-Cookie "(.*(\s+|;)(?i)Secure(\s+|;).*) Secure$" "$1" env=!SAMESITE_SKIP
Trial 2:
# 2. Remove duplicate SECURE flag (this keeps the above regex simpler)
Header always edit Set-Cookie "(.*(\s+|;)(?i)Secure(\s+|;).*) Secure$" "$1" env=!SAMESITE_SKIP
Header onsuccess edit Set-Cookie "(.*(\s+|;)(?i)Secure(\s+|;).*) Secure$" "$1" env=!SAMESITE_SKIP
from samesite-examples.
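An added example, not part of the original thread or of the samesite-examples project: a Python model of the two `Header edit` rules quoted in the comments above. It shows what each step does to a `Set-Cookie` value, how `env=!SAMESITE_SKIP` differs from `env=SAMESITE_SKIP`, and that only responses served by your own host pass through the rules. Host names and cookie values are constructed, and the regexes are Python translations of the Apache patterns (the inline flag is scoped as `(?i:...)`).

```python
import re

# Python equivalents of the two Header edit patterns quoted in the thread.
# Python requires the inline (?i) flag to be scoped, hence (?i:...).
ADD_SAMESITE = re.compile(r"^(?!.*(?:\s+|;)(?i:SameSite)=)(.*)$")
DEDUP_SECURE = re.compile(r"^(.*(?:\s+|;)(?i:Secure)(?:\s+|;).*) Secure$")


def rule_applies(condition, env):
    """Model of Apache's env= clause: 'VAR' needs VAR set, '!VAR' needs it unset."""
    if condition is None:
        return True
    if condition.startswith("!"):
        return condition[1:] not in env
    return condition in env


def rewrite_set_cookie(value, condition="!SAMESITE_SKIP", env=frozenset()):
    """Apply both edits to one Set-Cookie value, as the server would on a response."""
    if not rule_applies(condition, env):
        return value
    # 1. Append the attributes only when no SameSite attribute is present.
    value = ADD_SAMESITE.sub(r"\1; SameSite=None; Secure", value, count=1)
    # 2. Drop the appended Secure when the cookie already carried one.
    return DEDUP_SECURE.sub(r"\1", value, count=1)


def rewrite_responses(own_host, responses):
    """Only responses served by own_host pass through its header rules."""
    return [(host, rewrite_set_cookie(c) if host == own_host else c)
            for host, c in responses]


# Constructed sample data: (responding host, Set-Cookie value).
SAMPLE = [
    ("shop.example", "sid=abc; Path=/; HttpOnly"),
    ("shop.example", "cart=42; Path=/; Secure; HttpOnly"),
    ("shop.example", "pref=1; samesite=Lax"),
    ("google.com", "thirdparty=xyz; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    for host, cookie in rewrite_responses("shop.example", SAMPLE):
        print(f"{host:13} {cookie}")
```

With `env=SAMESITE_SKIP` (no `!`) the rule runs only for requests where that variable is set, so on a server that never sets it the cookie is left unchanged.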