-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How do I resolve same-site none for cookie given by Google Adwords Tracking? #4
Comments
The cookies triggering the warning are coming from If you have any cookie warnings that specifically list a domain you control, then you will need to add the correct attributes. That said - I'll leave this open because I should get some Apache examples in to show transforming cookies. |
I did a lot of reading on the SameSite warnings and somehow the basics had eluded me. The clarity you've given will help me authoritatively explain the warnings to my client. Thank you so much for this answer! |
Why is the name of the Cookie not included in the message? A cookie associated with a cross-site... is very obscure. Why not write The cookie "auth0_compat" associated with a cross-site.... Currently I get the SameSite warning and I just cannot find the cookie that it refers to (yes, I read the debugging about SameSite changes). |
Now that Chrome 80 is being rolled out is there any update as to when Google are going to fix the adwords tracking? |
Based on the Chromium SameSite updates page, I believe the SameSite behavior won't be rolled out until Feb 17. |
Is there anyone we can contact to get an update re Google Adwords team rolling out the changes on their side? |
Google's cookies should generally be fixed now. You will still see warnings as:
To reduce noise, I suggest testing in an incognito session ensuring that you only visit the site under test to reduce the amount of extra cookies in the browser. However, be aware that you may still see warnings for blocked cookies that are not affecting the behaviour of the site. In the example screenshot above the error is related to a Content-Security Policy directive. In this case, I would investigate how the Facebook functionality you are using is being embedded in the page. |
using google analytics in a chrome extension
Chrome version: When loading the extension getting "ERROR" mark: which is this warning:
The warning itself is not an issue, however, getting an ERROR flag due to this, is an issue. This cookie setting should have been fixed with version 80? Still, work in progress? |
Thanks for your reply! In fact, I have very limited information, I can only provide how to reproduce the environment that may cause this. Can you use the test account I provided to test the checkout process? My test steps: Enable the following experiments: Product link to test the checkout process: Email address: test@tylee.tw Please select the same payment and shipping method: Please select the same payment method: ATM(僅限台灣地區使用) Please select any store and click [確認] Please select any bank name and click [取得繳費帳號]: Please click this button: [返回商店] Can you test if all the checkout processes have been fixed for me? This is My Facebook message code information, I also temporarily restored this code: Copy/Paste this code into the or tag of your website (same as your Google Analytics code). <script async src="//static.zotabox.com/8/2/82bb83cfadf95ad1f9045a684ad591f1/widgets.js"></script>
Dear Sir, Can you help me test? Thank you! |
Has there been any movement on this issue. I'm managing GTMs for an advertising firm that is seeing this same issue across dozens of websites. Using Google Tag Assistant we see In the Chrome inspector we get: "A cookie associated with a cross-site resource at http://google.com/ was set without the We've been in touch with support at Google Ads, they cannot help. Our tags are valid html. Another tell is that using "#google-wcc-force" no longer works as a debug tool. IF you click "force" you can see the tag rewrite the phone numbers. here is one such webpage you can see the issue: Thanks, |
i am facing an error in chrome (After logging in to the page by providing username and password its allowing but when we sign out of the page and refresh the login page its not asking the credentials, its logging to the page directly with out asking the credentials) can some please help on this hoe to overcome this situation i tried the below scenarios but its not working. 1 trail: 1. Add SameSite=None and Secure if no SameSite already.Header always edit Set-Cookie "^(?!.(\s+|;)(?i)SameSite=)(.)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP 2 trail: 1. Add SameSite=None and Secure if no SameSite already.Header always edit Set-Cookie "^(?!.(\s+|;)(?i)SameSite=)(.)" "$0; SameSite=None; Secure" 3 Trail: 1. Add SameSite=None and Secure if no SameSite already.Header always edit Set-Cookie "^(?!.(\s+|;)(?i)SameSite=)(.)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP 1 trail: 1. Add SameSite=None and Secure if no SameSite already.Header always edit Set-Cookie "^(?!.(\s+|;)(?i)SameSite=)(.)" "$0; SameSite=None; Secure" env=SAMESITE_SKIP 2 trail: 1. Add SameSite=None and Secure if no SameSite already.Header always edit Set-Cookie "^(?!.(\s+|;)(?i)SameSite=)(.)" "$0; SameSite=None; Secure" 3 Trail: 1. Add SameSite=None and Secure if no SameSite already.Header always edit Set-Cookie "^(?!.(\s+|;)(?i)SameSite=)(.)" "$0; SameSite=None; Secure" env=SAMESITE_SKIP |
this Site is hosted on IBMHTTPserver and the below changes are done on httpd.conf file. the issue is we logged in to client page when we sign out from from that page it's getting signed out from that page. but when refresh the page the credentials are taken automatically, credentials have to asked. but in IE its working fine. could you please help me on this 1 trail: 1. Add SameSite=None and Secure if no SameSite already.Header always edit Set-Cookie "^(?!.(\s+|;)(?i)SameSite=)(.)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP 2 trail: 1. Add SameSite=None and Secure if no SameSite already.Header always edit Set-Cookie "^(?!.(\s+|;)(?i)SameSite=)(.)" "$0; SameSite=None; Secure" 3 Trail: 1. Add SameSite=None and Secure if no SameSite already.Header always edit Set-Cookie "^(?!.(\s+|;)(?i)SameSite=)(.)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP 1 trail: 1. Add SameSite=None and Secure if no SameSite already.Header always edit Set-Cookie "^(?!.(\s+|;)(?i)SameSite=)(.)" "$0; SameSite=None; Secure" env=SAMESITE_SKIP 2 trail: 1. Add SameSite=None and Secure if no SameSite already.Header always edit Set-Cookie "^(?!.(\s+|;)(?i)SameSite=)(.)" "$0; SameSite=None; Secure" 3 Trail: 1. Add SameSite=None and Secure if no SameSite already.Header always edit Set-Cookie "^(?!.(\s+|;)(?i)SameSite=)(.)" "$0; SameSite=None; Secure" env=SAMESITE_SKIP Trail 1: 2. Remove duplicate SECURE flag (this keeps the above regex simpler)Header always edit Set-Cookie "(.(\s+|;)(?i)Secure(\s+|;).) Secure$" "$1" env=!SAMESITE_SKIP Trail 2: 2. Remove duplicate SECURE flag (this keeps the above regex simpler)Header always edit Set-Cookie "(.(\s+|;)(?i)Secure(\s+|;).) Secure$" "$1" env=!SAMESITE_SKIP |
My client's website is getting these SameSite cookie warnings in Chrome. The cookies are due to Google Ad Conversion Tracking on a Wordpress Site. The site is on a Apache/2.4.7 (Ubuntu) hosted by DreamHost running PHP 7.1, always running on
https
. To my.htaccess file
, I've tried adding:Header always edit Set-Cookie (.*) "$1; SameSite=Lax"
and I tried
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
...and I tried
Header always edit Set-Cookie (.*) "$1; SameSite=None;Secure"
as well as many other combinations.
I've tried your code for PHP 7.2 and below as shown on this website:
header('Set-Cookie: cross-site-cookie=bar; SameSite=None; Secure');
Could we get some clarity on where this code should go? And perhaps a real working example? Does it go in an
.htacesss
file or inphp.ini
, or where in the php code should it be called? Also, it's not clear what should be used for the"name"
in your example code, or if I even need to change that value, as the dev tools show over 10 cookie names associated with the google address.Here's the warning I'm getting in the Chrome Console:
The text was updated successfully, but these errors were encountered: