javascript google-chrome cookies samesite

javascript - Advertencia de SameSite Chrome 77



google-chrome cookies (1)

Desde la última actualización, tengo un error con las cookies, relacionadas con el atributo SameSite.

Las cookies son de desarrolladores externos (Fontawesome, jQuery, Google Analytics, Google reCaptcha, Google Fonts, etc.)

Los errores en la consola de Chrome son así.

A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at <URL> and <URL>. (index):1 A cookie associated with a cross-site resource at http://jquery.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032. (index):1 A cookie associated with a cross-site resource at http://fontawesome.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032. (index):1 A cookie associated with a cross-site resource at http://google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032. (index):1 A cookie associated with a cross-site resource at https://google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032. (index):1 A cookie associated with a cross-site resource at https://www.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032. (index):1 A cookie associated with a cross-site resource at http://www.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032. (index):1 A cookie associated with a cross-site resource at http://gstatic.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

¿Hay algo que deba hacer en mi máquina o servidor local o es alguna característica que deberían implementar en futuras versiones de sus bibliotecas?


Esta advertencia de la consola no es un error o un problema real: Chrome solo está corriendo la voz sobre este nuevo estándar para aumentar la adopción del desarrollador.

La fecha de lanzamiento de una solución es el 02/04/2020 por: https://www.chromium.org/updates/same-site

Resolví el mismo problema agregando un encabezado de respuesta

response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");

SameSite evita que el navegador envíe la cookie junto con las solicitudes entre sitios. El objetivo principal es mitigar el riesgo de fuga de información de origen cruzado. También proporciona cierta protección contra ataques de falsificación de solicitudes entre sitios. Los valores posibles para el indicador son Lax o Strict.

Consulte this antes de aplicar cualquier opción.

Espero que esto te ayude.