Fix Not Working: A cookie associated with a cross-site resource was set without the `SameSite` attribute
I maintain an old ASP site for my company.
We have two different domains, A and B. Domain B appears in an iFrame, and we've been getting the SameSite warning.
The solution seems to involve adding "SameSite=None; Secure" to the header.
I added those values, and they show up in Chrome dev tools:
Despite the change:
- The warning still shows up.
- When enabled, the SameSite experimental features still block the cookie on the host site.
Anyone know what I might be doing wrong here?
What you have showing there is two cookies, one with the session id, and another whose name is SameSite. Neither of these have any SameSite attribute (hence the blank space under the SameSite column).
You're not supposed to set a separate cookie for SameSite=None. SameSite is a cookie attribute, which is meant to be attached to the cookie it refers to.
The way you use it is like this:
Set-Cookie: sessionid=12345; SameSite=None; Secure. Note that this is a single Set-Cookie header. If you use two separate Set-Cookie lines, the browser will interpret it as two separate cookies, which is not what you want.
- Bookmark :~:text= specifications
- How to download older versions of Chrome from a google official site
- console.log timestamps in Chrome
- handle both mouse and touch events on touch screens
- svg path not drawing for single point on chrome surface
- Why does my Angular 9 sort routine work great when using Google Chrome (Ch131) browser, but works poorly (gets Wait msg) when using MS Edge (Ch131)?
- Is there any way to debug chrome in any IOS device
- Retrieve a request using the requestId after the response is received in Firefox extension
- Chrome DevTools Debugger freezing once it hits breakpoint
- Is it possible to save MHTML with scripts included?
- Is there any way to use Web Share Api for other browsers than Chrome
- Process.Start(...) Suddenly Fails when Called by ASP.NET MVC 5 Running in IIS on Windows 10 and Windows Server 2019
- Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "text/html"
- Finding JavaScript memory leaks with Chrome
- Video auto play is not working in Safari and Chrome desktop browser
- Google Chrome not launching on Ubuntu even after installing it
- Using Selenium on Mac Chrome
- Selenium - This version of ChromeDriver only supports Chrome version xx
- Debugging iframes with Chrome developer tools
- Chrome Print to PDF via Windows Command Prompt
- Using --js-flags in Google Chrome to get --trace output
- Using Google Charts in Chrome extension
- open multiple tabs on a single window by a single click using JavaScript
- Chrome DevTools - Performance Tab Summary
- What are the requirements for audio output in Chrome on Android?
- How can you hide the arrow that is displayed by default on the HTML5 <details> element in Chrome?
- How to use selenium with proxy auth in headless mode?
- How to detect ECMAscript version?
- autocomplete= off not working in chrome
- Why does menu item "Save all as har" no longer exist in chrome and what to do instead?