14

Chrome is giving me the following warning:

A cookie associated with a cross-site resource at http://quilljs.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure.

Note that quilljs.com is a 3rd party domain.

I have seen these questions, the answers on both questions are similar, some say something like this:

nothing to do with your code. its something their web servers will have to support.

While others provide an answer like this: 

response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");

I am not sure if this is something that I need to fix in my website, or is it something that should be fixed on the 3rd party library?

Hooman Bahreini
  • 14,480
  • 11
  • 70
  • 137
  • 1
    I get the same error for other libraries as well, such as: *A cookie associated with a cross-site resource at http://cloudflare.com/ was set without the `SameSite` attribute* – Hooman Bahreini Dec 25 '19 at 00:55

1 Answers1

18

The warning messages specifically call out the domain that's responsible for the cookie. In this case, it's quilljs.com. If that's your domain, then you need to update the cookie there. If it's a third-party service that you rely on, then it's that service that needs to update their cookies.

Edit More context is available at https://web.dev/samesite-cookies-explained and https://web.dev/samesite-cookie-recipes.

rowan_m
  • 2,893
  • 15
  • 18
  • Thanks for your answer, are you able to include a reference for this please? – Hooman Bahreini Nov 14 '19 at 00:39
  • 3
    Updated with some context! – rowan_m Nov 14 '19 at 00:44
  • Hi, I have been to those two references but I still don't quite understand it. Unlike the author, I write my own php at ipage.com. Do I need to set a cookie on the php file or on the html file? I have never set any cookies before. – Azrudi Aug 11 '20 at 08:55