Chrome is giving me the following warning:
A cookie associated with a cross-site resource at http://quilljs.com/ was set without the
SameSite
attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set withSameSite=None
andSecure
.
Note that quilljs.com is a 3rd party domain.
I have seen these questions, the answers on both questions are similar, some say something like this:
nothing to do with your code. its something their web servers will have to support.
While others provide an answer like this:
response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");
I am not sure if this is something that I need to fix in my website, or is it something that should be fixed on the 3rd party library?
Fixing common warnings The warning appears because any cookie that requests SameSite=None but is not marked Secure will be rejected. To fix this, you will have to add the Secure attribute to your SameSite=None cookies. A Secure cookie is only sent to the server with an encrypted request over the HTTPS protocol.
A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks.
To prepare, Android allows native apps to set cookies directly through the CookieManager API. You must declare first party cookies as SameSite=Lax or SameSite=Strict , as appropriate. You must declare third party cookies as SameSite=None; Secure .
Resolve this issue by updating the attributes of the cookie: Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.
The warning messages specifically call out the domain that's responsible for the cookie. In this case, it's quilljs.com
. If that's your domain, then you need to update the cookie there. If it's a third-party service that you rely on, then it's that service that needs to update their cookies.
Edit More context is available at https://web.dev/samesite-cookies-explained and https://web.dev/samesite-cookie-recipes.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With