Where to add `SameSite=None`?
P粉652523980
2023-08-27 21:20:48
<p>The following code appears on my site and I can't make sense of this despite my best efforts, so I have a few questions, please read on. </p>
<p><code>category-search-Forum:1 The cookie associated with the cross-site resource at https://www.google.com/ was set without the 'SameSite' attribute. It has been blocked because Chrome now only passes cookies with cross-site requests if "SameSite=None" and "Secure" are set. You can view cookies and see more details in Developer Tools under Application > Storage > Cookies: https://www.chromestatus.com/feature/5088147346030592 and https:/ /www.chromestatus.com/feature/5633521622188032.</code></p>
<p>I saw a lot of people talking about this on stack and other places online, but no one explained exactly how to add <code>SameSite=None</code>. </p>
<h1>1 question: How or where do I add <code>SameSite=None</code>? </h1>
<p>View errors to learn what "safe" is</p>
<p>Does this mean <code>SameSite=Secure</code>? </p>
What is the difference between <p><code>SameSite=None</code> and <code>SameSite=Secure</code>? </p>
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
I had a similar problem on my Electron application/browser side
credentials: 'omit'solved the warning issue for me// Example await fetch('https://example.com', {credentials: 'omit'});I am writing here because this is the first link in Google and I believe it will help people like me; xoxoxo
As discussed here: https://blog. chromium.org/2019/10/developers-get-ready-for-new.html
This is actually a server-side problem. What it means is that you are using a resource from another site (most commonly JS or CSS), and that server is trying to set a cookie; however, it does not set the
SameSiteattribute.The reason for this is:
Since your post does not define whether you are working on the server side or client side, my assumption is that you are working on the client side and, therefore, there is nothing you can do since the resource needs to update it. However, if you are doing server-side development, here is a list of resources in different languages: https://github .com/GoogleChromeLabs/samesite-examples
TLDR;If you are a client developer, this is because the linked resource does not have this setting, and there is nothing you can do about it. If you are a server-side developer, check out the github link for examples on how to fix this for your site.
Edit: If you just want to remove the message, the solution is discussed here: Chrome Console SameSite Cookie Property Warning, you can deprecate the message via
chrome://flags Cookie DisableDisable them.