How to set Chrome experimental option same-site-by-default-cookie in python selenium

Question

I suppose this should work:

from selenium import webdriver
options = webdriver.ChromeOptions()
options.add_experimental_option('same-site-by-default-cookies', 'true')
driver = webdriver.Chrome(chrome_options=options)

to enable samesite cookies restrictions scheduled for future chrome version. It is not, there is error:

selenium.common.exceptions.InvalidArgumentException: 
Message: invalid argument: cannot parse capability: goog:chromeOptions
from invalid argument: unrecognized chrome option: same-site-by-default-cookies

I can change option manually using chrome://flags and see it is working. However I would like to automate it and just run testing script to see it.

There is java code here: https://groups.google.com/forum/#!topic/chromedriver-users/cI8hj7eihRo which could do it, however I'm not sure, how to transfer it to python.

Is there any reference available, which would help me to set this option or different options?

score 5 · Accepted Answer · answered Jan 21 '20 at 04:48

Tested on Chrome : Version 79.0.3945.130 (Official Build) (64-bit)

In Python you can use below code

    chrome_options = webdriver.ChromeOptions()
    experimentalFlags = ['same-site-by-default-cookies@1','cookies-without-same-site-must-be-secure@1']
    chromeLocalStatePrefs = { 'browser.enabled_labs_experiments' : experimentalFlags}
    chrome_options.add_experimental_option('localState',chromeLocalStatePrefs)
    driver = webdriver.Chrome(options=chrome_options)
    driver.get("https://www.bing.com")

Python selenium client will send the capabilities as below

[1579581631.792][INFO]: Starting ChromeDriver 79.0.3945.36 (3582db32b33893869b8c1339e8f4d9ed1816f143-refs/branch-heads/3945@{#614})
[1579581631.792][INFO]: Please protect ports used by ChromeDriver and related test frameworks to prevent access by malicious code.
[1579581632.264][INFO]: [f6b8433509c420fd317902f72b1d102d] COMMAND InitSession {
   "capabilities": {
      "alwaysMatch": {
         "browserName": "chrome",
         "goog:chromeOptions": {
            "args": [  ],
            "extensions": [  ],
            "localState": {
               "browser.enabled_labs_experiments": [ "same-site-by-default-cookies@1", "cookies-without-same-site-must-be-secure@1" ]
            }
         },
         "platformName": "any"
      },
      "firstMatch": [ {

      } ]
   },
   "desiredCapabilities": {
      "browserName": "chrome",
      "goog:chromeOptions": {
         "args": [  ],
         "extensions": [  ],
         "localState": {
            "browser.enabled_labs_experiments": [ "same-site-by-default-cookies@1", "cookies-without-same-site-must-be-secure@1" ]
         }
      },
      "platform": "ANY",
      "version": ""
   }
}

To check if its actually worked or not . Go to chrome://flags/

What does `@1` in `same-site-by-default-cookies@1` mean? What should I do if I want to set `same-site-by-default-cookies` to `Disable`? — Jason Law, Mar 05 '20 at 04:05
How can I set this in asp.net web application using Web.Config? It would be useful If anybody can provide me the solution. Thanks..! — Dennis Xavier, Aug 03 '20 at 10:45

score 1 · Answer 2 · edited Oct 07 '21 at 07:27

You saw it right.

As per the article Chrome browser pushes SameSite cookie security overhaul Chrome have added SameSite support which will require web developers to control cookies to access cookies across sites, using the SameSite attribute of the Set-Cookie header, which can be Strict, Lax, or None.

In the Chromium Blog Improving privacy and security on the web @BenGalbraith [Director, Chrome Product Management] and @JustinSchuh [Director, Chrome Engineering] mentioned:

This change will enable users to clear all such cookies while leaving single domain cookies unaffected, preserving user logins and settings. It will also enable browsers to provide clear information about which sites are setting these cookies, so users can make informed choices about how their data is used.

This change also has a significant security benefit for users, protecting cookies from cross-site injection and data disclosure attacks like Spectre and CSRF by default. We also announced our plan to eventually limit cross-site cookies to HTTPS connections, providing additional important privacy protections for our users.

upar...@gmail.com in the discussion WebDriver mechanism to test samesite cookie security overhaul? demonstrated that you can enable sameSite cookie flag using localState experimental options of chromedriver through Selenium as follows:

ChromeOptions chromeOptions = new ChromeOptions();
HashMap<String, Object> chromeLocalStatePrefs = new HashMap<String, Object>();
List<String> experimentalFlags = new ArrayList<String>();
experimentalFlags.add("same-site-by-default-cookies@1");
experimentalFlags.add("cookies-without-same-site-must-be-secure@1");
chromeLocalStatePrefs.put("browser.enabled_labs_experiments",experimentalFlags);
chromeOptions.setExperimentalOption("localState", chromeLocalStatePrefs);

tl; dr

Documentations:

Thank you for you answer, I'm well aware what is SameSite attribute for and why I want to test it. However when I try to save experimental options in python selenium code, there is error: ```unrecognized chrome option: same-site-by-default-cookies``` which is problem, I want to solve. How can I save this experimental option in python? — Ľubomír Mlích, Jan 20 '20 at 06:03
Thanks for this - the localstate aspect was what we needed to get this setting disabled for a test. It is not very well documented on the Seleniumhq site. — SystemsInCode, Sep 10 '20 at 15:11

How to set Chrome experimental option same-site-by-default-cookie in python selenium

2 Answers2

tl; dr

Linked