8

I'm building an app with ReactJS, and with the latest change to Chrome we're unable to get the cookie back, as it's provided by a Central Authentication Service. Granted, in prod it'll have the same domain as the JS app, but for now it is breaking the app locally. I know about `SameSite=None; Secure`, but that still needs the third-party app (the React app) to access using a secure connection. To me, going through those changes locally is overkill.

Is there no other way?

Edit: I have also tried mapping to a domain equal to the auth server in the hosts file but it didn't work.

Daniel Arechiga

1 Answer

2

I'm going through the same difficulty. According to what I read/researched, there is nothing that can be done. The one who should do this is whoever provides the service/cookie.

A temporary solution is to disable the flags "SameSite by default cookies" and "Cookies without SameSite must be secure". To do this, go to chrome://flags.

More info: https://blog.chromium.org/2019/10/developers-get-ready-for-new.html

Patrick
    the problem is that the most they can do is set the `SameSite=None; Secure` which doesn't spare you from doing what I mentioned above. – Daniel Arechiga Feb 13 '20 at 19:30
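
The two Chrome defaults named in the answer above, modelled as a check over `Set-Cookie` headers. This is an added example, not code from either poster; the function names and sample headers are constructed, and it covers only cross-site fetch/XHR requests, not top-level navigations.

```javascript
// Added example; function names and sample headers are constructed.

// Split a Set-Cookie header value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attributes = {};
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? '' : attr.slice(i + 1).trim();
  }
  return { name, attributes };
}

// Apply the two defaults to one cookie, for a cross-site fetch/XHR request.
function evaluateCookie(header) {
  const { name, attributes } = parseSetCookie(header);
  const secure = 'secure' in attributes;
  const declared = (attributes.samesite || '').toLowerCase();
  // "SameSite by default cookies": no SameSite attribute means Lax.
  // Assumption: an unrecognised value is handled like a missing one.
  const effectiveSameSite = ['strict', 'lax', 'none'].includes(declared) ? declared : 'lax';
  // "Cookies without SameSite must be secure": None without Secure is rejected.
  const rejected = effectiveSameSite === 'none' && !secure;
  // Lax and Strict cookies are not attached to cross-site fetch/XHR requests.
  const sentOnCrossSiteFetch = effectiveSameSite === 'none' && !rejected;
  return { name, effectiveSameSite, rejected, sentOnCrossSiteFetch };
}

// Constructed sample headers, as an auth server might send them.
const samples = [
  'auth_session=abc123; Path=/; HttpOnly',
  'auth_session=abc123; Path=/; SameSite=None',
  'auth_session=abc123; Path=/; SameSite=None; Secure',
];
for (const header of samples) {
  console.log(header, '=>', JSON.stringify(evaluateCookie(header)));
}
```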