Cookie “portalroles” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute

Question

Getting this warning in Mozilla Firefox:

Cookie “portalroles” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Does anyone know when "soon" is going to be approximately, and by rejected I'm assuming Firefox will not allow the creation of such cookies?

EDIT: I failed to mention I checked out the article the warning is linking to and I couldn't find anything indicating a time frame or what rejected means.

Answer 1

For the schedule from Firefox, you can refer to their "Intent to implement" thread here: https://groups.google.com/g/mozilla.dev.platform/c/nx2uP0CzA9k/m/BNVPWDHsAQAJ

At the time of writing, it states:

Starting with Beta 79 today, we are rolling out this change to the default behavior of SameSite cookies to a small percentage of the beta population. The initial target is 10%, slowly increasing to 50% by the end of the beta cycle. We will hold at 50% for at least two more beta cycles, at which point we will consider introducing this to a small percentage of the Firefox release population.

However, some questions about the portalroles cookie. Is this one that you are setting? If so, is it intended for usage in a third-party context?

Basically, if this is your cookie and only required on your site, then I suggest setting SameSite=Lax.

If this cookie is required in a third-party context / cross-site requests, then you need to ensure you have SameSite=None; Secure.

Just setting SameSite=None without Secure is invalid.