{"id":8486,"date":"2020-04-01T06:14:21","date_gmt":"2020-04-01T10:14:21","guid":{"rendered":"http:\/\/local.brightwhiz\/?p=8486"},"modified":"2022-01-05T15:46:05","modified_gmt":"2022-01-05T20:46:05","slug":"fix-samesite-attribute-warning","status":"publish","type":"post","link":"http:\/\/local.brightwhiz\/fix-samesite-attribute-warning\/","title":{"rendered":"How to Fix SameSite Attribute Warning in Google Chrome"},"content":{"rendered":"\n
You may run into the SameSite attribute warning in Google Chrome developer tools when accessing some websites. This is an important warning that the web browsers are rejecting these cookies.<\/p>\n\n\n\n
You can tell if you are affected if you head on over to the web browser developer tools and see such a message.<\/p>\n\n\n\n
A cookie associated with a cross-site resource at http:\/\/wp.com\/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies<\/strong> \u2026<\/em><\/p>\n\n\n\n This issue can be of some concern to developers who do not understand what is going on. Again this warning may show up several times per page especially when using CMS’s like WordPress<\/a> loaded with plugins that compound the issue.<\/p>\n\n\n\n The SameSite attribute tells web browsers whether or not to allow cookies in first or third-party situations. As of February 4th, 2020, Google Chrome 80 browser enforces first-party default on all cookies that don’t have the attribute set. <\/p>\n\n\n\n Values for the SameSite attribute include:<\/p>\n\n\n\n Google Chrome 80 and above changed the default value from ‘none’ to ‘lax’. It is also important to note that SameSite=None cookies must also be marked as Secure otherwise they will be rejected.<\/p>\n\n\n\n If you need greater security such as for financial institutions, medical institutions, etc, you may need to update your attributes to ‘ For the rest of the developers and publishers you need to update your SameSite attribute to ‘SameSite=None; Secure’ to ensure Chrome doesn’t reject your cookies. The consequences can be a decline in Ad revenue, unpredictable retargeting, conversion tracking, and\/or analytics.<\/p>\n\n\n\n If you have PHP until 7.2<\/p>\n\n\n\n or<\/p>\n\n\n\n Or if you are using PHP 7.3 or higher, you can use:<\/p>\n\n\n\n You can also send it out using JavaScript using:<\/p>\n\n\n\n This can also be done using your web server for those who have access to it. You need to enable mod_headers. For this example using Ubuntu 18.04 \/ Apache 2.4.29 you can do it like so:<\/p>\n\n\n\n Find out more about installing mod_headers Apache module<\/a>.<\/p>\n\n\n\n Add the following directive to the Apache VirtualHost configurations:<\/p>\n\n\n\n Restart Apache:<\/p>\n\n\n\n The apache option is suitable for most virtual hosts and for those using platforms such as WordPress where you may not want to tinker with the core code. You can find out more here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" You may run into the SameSite attribute warning in Google Chrome developer tools when accessing some websites. This is an important warning that the web browsers are rejecting these cookies….<\/p>\n","protected":false},"author":1,"featured_media":8487,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,23,27,16],"tags":[58,106,129,276,313,320,433,526,543,635,636,638],"yoast_head":"\nWhat are the values for the SameSite attribute?<\/h2>\n\n\n\n
How do I prepare for this?<\/h2>\n\n\n\n
SameSite=Lax<\/code>‘ or ‘
SameSite=Strict<\/code>‘. Note that Chrom 80 default is ‘
SameSite=Lax<\/code>‘.<\/p>\n\n\n\n
How to set the SameSite attribute<\/h2>\n\n\n\n
setcookie('key', 'value', time()+(7243600), "\/; SameSite=None; Secure");<\/code><\/pre>\n\n\n\n
header('Set-Cookie: cross-site-cookie=name; SameSite=None; Secure');<\/code><\/pre>\n\n\n\n
setcookie('key', 'value', ['SameSite' => 'None', 'Secure' => true]);<\/code><\/pre>\n\n\n\n
echo "<script>document.cookie('key=value; SameSite=None; Secure');<\/script>";<\/code><\/pre>\n\n\n\n
$ sudo a2enmod headers<\/code><\/pre>\n\n\n\n
Header edit Set-Cookie ^(.*)$ "$1; Secure; SameSite=None"<\/code><\/pre>\n\n\n\n
$ sudo systemctl restart apache2<\/code><\/pre>\n\n\n\n