A cookie has been set with the SameSite=Strict attribute. When JavaScript tries to read the cookie before making an XHR request, the cookie seems to be unavailable. But the developer tools show the cookie exists. This problem is happening only in the recent version of Firefox. Not sure if I am missing anything. The domain and the path are set right on the cookie.
Go to chrome://flags and enable (or set to "Default") both #same-site-by-default-cookies and #cookies-without-same-site-must-be-secure. Restart Chrome for the changes to take effect, if you made any changes.
SameSite=None requires Secure. The warning appears because any cookie that requests SameSite=None but is not marked Secure will be rejected. To fix this, you will have to add the Secure attribute to your SameSite=None cookies. A Secure cookie is only sent to the server with an encrypted request over the HTTPS protocol.
Click Tools > Options. Click Privacy in the top panel. Click the Cookies tab. Select the checkbox labeled 'Allow sites to set cookies'.
Apparently, it depends on how you get to the page that performs the XHR request. If you get there by clicking on a link on another website (say, following a link on your webmail client), the Strict cookies will not be available, even in subsequent XHR requests! This behaviour seems to be different in Firefox than in other browsers.
Some more info you may find here: https://www.netsparker.com/blog/web-security/same-site-cookie-attribute-prevent-cross-site-request-forgery/
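The rules mentioned in the answers above (SameSite=None rejected without Secure, Strict cookies withheld when arriving from another site), as an added example that is not part of the original posts. It models only the standard request-level rule, not the Firefox-specific behaviour reported above; the function names, the context fields and the sample headers are constructed for illustration.

```javascript
// Added example: a model of SameSite enforcement, not browser source code.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Parse one Set-Cookie header value into a name plus lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? "" : pair.slice(0, eq), attrs: {} };
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i < 0 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i < 0 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

// Effective policy: "strict", "lax", "none", or "rejected".
function effectivePolicy(header) {
  const { attrs } = parseSetCookie(header);
  const raw = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "";
  if (raw === "none") return "secure" in attrs ? "none" : "rejected";
  if (raw === "strict") return "strict";
  return "lax"; // explicit Lax, or missing/unrecognised value (Lax by default)
}

// Would the cookie be attached to a request made in this context?
function isSent(header, { sameSite, topLevelNavigation = false, method = "GET", https = true }) {
  const policy = effectivePolicy(header);
  if (policy === "rejected") return false;
  if ("secure" in parseSetCookie(header).attrs && !https) return false;
  if (sameSite || policy === "none") return true;
  if (policy === "strict") return false;
  return topLevelNavigation && SAFE_METHODS.has(method.toUpperCase());
}

// Constructed sample headers; the context is a link followed from another site.
const SAMPLES = [
  "sid=abc; Path=/; SameSite=Strict",
  "sid=abc; Path=/; SameSite=Lax",
  "sid=abc; Path=/; SameSite=None",
  "sid=abc; Path=/; SameSite=None; Secure",
];
for (const h of SAMPLES) {
  const sent = isSent(h, { sameSite: false, topLevelNavigation: true });
  console.log(`${effectivePolicy(h).padEnd(8)} sent=${sent}  ${h}`);
}
```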