Cloudflare A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute

Kuro · Jun 7, 2019

I'm using Chrome Canary 77.0
Many websites are warned as such. My website is also similar.
I wonder how to fix it?
(ex: Centmin Mod Community Support Forums )

I have read through the solution with nginx here. But when I added it, Nginx configuration failed.
Add samesite to cookies using Nginx as reverse proxy
(other SameSite cookies explained | web.dev)

eva2000 · Jun 7, 2019

did you have to enable any Canary flags to show those depreciation notices ? as I ran Canary browser and not seeing them ?

though from web.dev site

Caution: Neither Strict nor Lax are a silver bullet for your site security. Cookies are sent as part of the user's request and you should treat them the same as any other user input. That means sanitizing and validating the input. Never use a cookie to store data you consider a server-side secret.

Finally there is the option of not specifying the value which has previously been the way of implicitly stating that you want the cookie to be sent in all contexts. In the latest draft of RFC6265bis this is being made explicit by introducing a new value of SameSite=None. This means you can use None to clearly communicate you intentionally want the cookie sent in a third-party context.
Click to expand...

Objective: If you provide a service that other sites consume such as widgets, embedded content, affiliate programmes, advertising, or sign-in across multiple sites then you should use None to ensure your intent is clear.
Click to expand...

Likewise, any clients that do not recognize SameSite=None as of yet should ignore it and carry on as if the attribute was not set.
Click to expand...

Kuro · Jun 7, 2019

Looks like Chrome or Cloudflare just got something fixed. (I reported this to Cloudflare earlier)

eva2000 · Jun 7, 2019

Kuro said: ↑

Looks like Chrome or Cloudflare just got something fixed. (I reported this to Cloudflare earlier)
Click to expand...

Nice.. either way setting such a cookie config would usually be done on your web application level if needed

Log in / Register

Forums

Want to subscribe to topics you're interested in?

Cloudflare A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute

Kuro Member

eva2000 Administrator Staff Member

Kuro Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Want to subscribe to topics you're interested in?

Cloudflare A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute

Kuro Member

eva2000 Administrator Staff Member

Kuro Member

eva2000 Administrator Staff Member

.