Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Same site attribute not used for test cookies

See original GitHub issue

This warning shows up even with sameSite configured.

Cookie “amplitude_cookie_test” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

It’s because the function areCookiesEnabled sets the cookies and is called before sameSite attribute is set. https://github.com/amplitude/Amplitude-JavaScript/blob/92829d1588db8eb01fcefa84ee8951ede3543459/src/metadata-storage.js#L12-L21

Issue Analytics

State:
Created 3 years ago
Reactions:4
Comments:6 (1 by maintainers)

Top GitHub Comments

3reactions

kelvin-lucommented, Sep 8, 2020

Hi @quarties ! sorry for the lack of communication - we flagged this as an issue a few weeks back and are hoping to resolve this in the coming (~1 -2) weeks - we’ll keep you posted!

1reaction

gabberrcommented, Jul 1, 2020

We are having the same issue. Console log is spammed with the missing sameSite warnings. On v7.1, areCookiesEnabled is to blame:

It tries to use Constants.COOKIE_TEST which is undefined (should be COOKIE_TEST_PREFIX)
it calls set with no options, so the sameSite warnings will be printed everytime.

const areCookiesEnabled = () => {
  const uid = String(new Date());
  try {
    const cookieName = Constants.COOKIE_TEST + base64Id();
    set(cookieName, uid, {});
    const _areCookiesEnabled = get(cookieName + '=') === uid;
    set(cookieName, null, {});
    return _areCookiesEnabled;
  } catch (e) {}
  return false;
};