Add config option for Secure cookies; fix Chrome warning


The following warning is shown in the developer console for a web client instance:

A cookie associated with a resource at URL was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.

This cookie management setting does not appear to be configurable via the Amplitude JS init options. Appears to be related to issue #239 and the related PR.

Mac Chrome Version 83.0.4103.61
Amplitude JS SDK 6.2.0


Somewhat related: to configure the SameSite cookie property, the JS SDK Cookie Management docs note to use option cookieSameSite, but the CHANGELOG.md notes the property is named sameSiteCookie. sameSiteCookie appears to be the correct/working name. The SDK docs should be updated to reflect this?

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 7 (1 by maintainers)

Top GitHub Comments

1 reaction
blazzy commented, Jun 10, 2020

Hi @jfroom, The secure flag can be set with the secureCookie option. You might do something like this when initializing amplitude: { secureCookie: window.location.protocol === 'https:' }.

Future versions of the SDK will likely default to SameSite=Lax, but this might be a slightly breaking change for people that require cross domain form POSTing.

It’s also tempting to have the SDK default to using a Secure cookie if it detects that it’s being loaded on a site with https. This would also be a breaking change for sites that use both https and http.
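The following is an added example, not part of the original thread and not Amplitude SDK code: it derives secureCookie and sameSiteCookie from the page protocol and checks cookie strings for the combination the Chrome warning describes. The function names, the sample cookies and the fallback to 'Lax' over http are assumptions made for illustration.

```javascript
// Added example, not Amplitude SDK code. secureCookie and sameSiteCookie are the
// option names from the thread; all function names here are hypothetical.

// Collect the attributes of a Set-Cookie style string (everything after name=value).
function parseCookieAttributes(cookieString) {
  const attrs = new Map();
  for (const part of cookieString.split(';').slice(1)) {
    const [key, ...rest] = part.trim().split('=');
    if (key) attrs.set(key.toLowerCase(), rest.join('=').trim().toLowerCase());
  }
  return attrs;
}

// True for the combination Chrome warns about: SameSite=None without Secure.
function isSameSiteNoneWithoutSecure(cookieString) {
  const attrs = parseCookieAttributes(cookieString);
  return attrs.get('samesite') === 'none' && !attrs.has('secure');
}

// Pick init options from the page protocol. Assumed policy: a Secure cookie
// cannot be set over plain http, so a requested 'None' falls back to 'Lax' there.
function chooseCookieOptions(protocol, wantedSameSite) {
  const secureCookie = protocol === 'https:';
  const sameSiteCookie =
    !secureCookie && wantedSameSite === 'None' ? 'Lax' : wantedSameSite;
  return { secureCookie, sameSiteCookie };
}

// Render the attributes those options imply, so the result can be checked.
function toCookieString(name, value, { secureCookie, sameSiteCookie }) {
  const parts = [`${name}=${value}`, 'Path=/', `SameSite=${sameSiteCookie}`];
  if (secureCookie) parts.push('Secure');
  return parts.join('; ');
}

// Constructed sample cookies, not captured from a real site.
const samples = [
  'amp_demo=abc; Path=/; SameSite=None',
  'amp_demo=abc; Path=/; SameSite=None; Secure',
  toCookieString('amp_demo', 'abc', chooseCookieOptions('http:', 'None')),
];
for (const c of samples) {
  console.log(isSameSiteNoneWithoutSecure(c) ? 'WARN' : 'ok  ', c);
}

// In the browser (API key is a placeholder):
// amplitude.getInstance().init('API_KEY', null,
//   chooseCookieOptions(window.location.protocol, 'None'));
```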

1 reaction
dana11235 commented, Jun 1, 2020

Updated the docs to reflect this. Sorry about the error.
