66

Is anybody else getting this Chrome console warning?

A cookie associated with a cross-site resource at was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and .

In Chrome Flags chrome://flags/ I've tried disabling both:

  • SameSite by default cookies

  • Cookies without SameSite must be secure

And the warning won't go away.

Tom Shaw
  • 5
    I had this because I was running/debugging multiple sites on localhost and the cookies were still there from an old site I was debugging. After I cleared the application cache and reloaded the page the errors did not return. So in short, try clearing your cache. – Post Impatica Oct 03 '19 at 23:29
  • As @Helzgate mentioned, this was my case as well. And I confirmed by opening an incognito window with dev console open and the warnings disappeared – sizzlecookie Oct 09 '19 at 15:01
  • In my case disabling SameSite=None hid the warning. – mdiiorio Oct 29 '19 at 10:11
  • 1
    It would be really nice if Chrome mentioned the name of the offending Cookie in the console message. – Waruyama Feb 05 '20 at 14:25
  • https://textslashplain.com/2019/09/30/same-site-cookies-by-default/ – Jeff Puckett May 18 '20 at 20:17

6 Answers

51

This is something that the third-party cookie setters (like Stripe) need to handle on their end.

I reached out to Stripe because I was getting this message for Stripe payments.

Stripe support response:

It looks like we're already tracking this internally as this warning comes from Stripe.js, not from react-stripe-elements. For now this is a warning and won't affect payments, and we're working on a fix which will eliminate this message and be compatible with Chrome's upcoming cookie-handling changes.

(Me) So, it's all on your end? I don't need to do anything?

No, this is something we have to get worked out on our end.


Oh, if you're a developer at Stripe/Facebook/Pinterest/so-forth, this answer won't work for you ;)

user984003
39

You can disable them through chrome://flags Cookie Deprecation messages disabled.

Screenshot of chrome://flags with option to disable

displacedtexan
  • 81
    Your website visitors can still see it. I don't think you should disable it; rather, fix the problem if you are a developer/owner for the site. –  Oct 08 '19 at 13:45
  • 17
    _Obviously_ you should fix it but the question was about disabling the warning. – displacedtexan Oct 08 '19 at 13:52
  • 4
    This shouldn't be the chosen answer. It is not fixing, it is sweeping message under carpet. – ykaragol Dec 02 '19 at 07:18
  • 6
    You're not wrong, but again the original question was about disabling the warning. The original accepted answer has been deleted and it did address how to take care of the issue. Feel free to submit an answer that addresses how to fix it, and I'll still leave this up for people who are trying to disable the message for development on localhost, as I was. – displacedtexan Dec 02 '19 at 16:39
  • 9
    A majority of these warnings are from third parties (in my case, all), so it's not necessarily up to *us* to fix it. We can't tell Google to fix their cookies and expect to get a response. This fix keeps the console clean for developers working on the code they *can* control, thanks. – Novocaine Dec 12 '19 at 13:24
  • 2
    Please anyone who has this problem do not apply this solution to it! – EugenSunic Mar 05 '20 at 10:34
  • 1
    Why not? I get a lot of this and this is cluttering console. It is harder to look for messages that do come from my site, not others – bojer Mar 19 '20 at 13:02
  • @displacedtexan can you please delete this answer so new developers don't get confused and do this--one should not ignore these warnings! – duhaime May 10 '20 at 17:32
2

Chrome version 80 will be available 4th of February. It looks like the console 'SameSite Cookie Attribute' warning is finally solved by Google. You can download Chrome Beta and make your own tests before the launch of the official version 80.

Ben Cox
finnmarko
1

I have the same problem with the PayPal script, and since it's only them who are able to set the cookie, they need to fix it so browsers defaulting to this feature will be able to show the content to users properly.

Nándor Szűcs
  • We apologize for any inconvenience. We have notified the product development teams about the warning message display on chrome console and the warning message will not affect any PayPal transactions, also our internal teams are aware of the future updates. Thank you for helping us. Sincerely, Srinivasan Merchant Technical Support PayPal, Inc. ref:_00D30LaY._5002E1RKeGP:ref – Nándor Szűcs Oct 25 '19 at 12:05
1

This is what was required for me in order to finally fix the problem. I read the warning carefully and enabled/disabled the required elements in my Google Chrome settings:

  1. in your URL bar type chrome://flags
  2. in the search box (Search flags) type cookie
  3. follow the screenshot

Do not ignore the warning and hide the warning messages!

Consider this a workaround. Ideally, whichever 3rd party app you are trying to load needs to have the SameSite=None and Secure params set in their headers.

EugenSunic
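To see which cookies are affected by the rules behind the two flags in the question, and to get the cookie names the console message leaves out, here is an added example (not code from any poster in this thread) that classifies `Set-Cookie` headers. The function names, status labels and sample headers are hypothetical and constructed for illustration.

```javascript
// Added example: classify Set-Cookie headers under the two rules named in the
// question's chrome://flags entries. Not code from the thread.
const KNOWN = new Set(['strict', 'lax', 'none']);

function auditSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const name = pair.split('=')[0];
  let sameSite = null; // null means the attribute is absent or unrecognised
  let secure = false;
  for (const attr of attrs) {
    const eq = attr.indexOf('=');
    const key = (eq === -1 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? '' : attr.slice(eq + 1).trim().toLowerCase();
    if (key === 'secure') secure = true;
    if (key === 'samesite') sameSite = KNOWN.has(value) ? value : null;
  }
  // "SameSite by default cookies": no usable attribute is handled as Lax.
  if (sameSite === null) return { name, status: 'defaults-to-lax' };
  // "Cookies without SameSite must be secure": None without Secure is rejected.
  if (sameSite === 'none') {
    return { name, status: secure ? 'cross-site-ok' : 'rejected' };
  }
  return { name, status: sameSite }; // explicit 'lax' or 'strict'
}

// Cookies that stop being delivered with cross-site requests under both rules.
function offendingCookies(headers) {
  return headers
    .map(auditSetCookie)
    .filter((c) => c.status === 'defaults-to-lax' || c.status === 'rejected')
    .map((c) => `${c.name}: ${c.status}`);
}

// Constructed sample headers; the cookie names are made up.
const SAMPLE_HEADERS = [
  'widget_session=abc123; Path=/; HttpOnly',
  'tracker=xyz; SameSite=None',
  'checkout=tok; Path=/; Secure; HttpOnly; SameSite=None',
  'prefs=dark; SameSite=Lax',
];

console.log(offendingCookies(SAMPLE_HEADERS));
```

Only a cookie set with both `SameSite=None` and `Secure` comes back as `cross-site-ok`, which is the combination the warning text asks third-party setters to send.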
1

Clearing my site data worked for me, and I hope it helps others.

I am using the same vuejs - Axios setup as a previous development environment which was utilizing the new PWA tech. So clearing the Application cache was the fix.

Sweet Chilly Philly