New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue with “sameSite“ attribute #620
Comments
I can't reproduce this (Firefox 75.0 on macOS Catalina). Where do you see such a warning, and which version/OS of Firefox are you seeing this in? Can you provide a screenshot? I suspect this warning comes from a different cookie.. |
The message appeared in Firefox 76.0b7 (Developer Edition) on Windows 10. But during the reproduction of the error, I just found out that this only appears to be an issue in this Developer Edition. I also reproduced the error on a macOS virtual machine, with macOS Mojave. There the warning also appears solely in the Developer Edition of Firefox but not in any other browser that I tested. That being said, it seems to be a very specific and in that sense currently not that important issue. I still created a fiddle to reproduce it (https://jsfiddle.net/4es6Lpka/). Attached are two screenshots from that fiddle which show the actual warning message (setting the Cookie before had no effect). |
Thanks! Ok, so, technically, removing a cookie is writing one (with an expiration date in the past). We’re currently not setting SameSite by default, so it defaults to “none”, and newer browsers start to require such a cookie to also have the Secure attribute. Hence the warning. I could imagine that browsers will become smarter in that they don’t issue a warning for a cookie that just expired (I think they should). @yaconnn Btw, in one of the screenshots, you’re using the api wrong — all cookie attributes go into a single object as argument. So it’s not |
One solution would be to specify Another solution might be to make |
Adding |
Perfect, thanks for putting efforts into solving the issue and clearing me up about the correct usage of the API. I just tried out your solution and it does solve it! :) |
In Firefox there is a warning hint popping up in the console constantly, stating that there would be an issue with the sameSite-Attribute: "Some cookies are misusing the recommended “sameSite“ attribute"
As far as I understood it, for future browser-versions it is required to define the Cookies' secure- and sameSite-Attributes. While this is easy to do, the problem is that this doesn't necessarily make the warning disappear. Whenever there is a Cookies.remove('name')-Function defined on the site, this would cause this error message to appear already. Even if the settings are defined correctly in the Cookies.set()-Function or if there isn't even any function defined to create a cookie at all.
Is there a solution, so the remove-Function wouldn't cause this error message anymore in FF?
The text was updated successfully, but these errors were encountered: