0

The issue that I have is, we have Website in ASP.NET which works as standalone site and is also launched as plugin from third party application. This is due to chrome update related to https://blog.heroku.com/chrome-changes-samesite-cookie

The standalone site works fine however the plugin is completely broken.

What can be done so as to cookies work correctly on standalone as well as on plugin?

The changes done are: In web.config I have added as follows:

This is to let the cross-site cookies work currently when plugin launches the site. But seems like still the plugin does not work and it shows the error:

A cookie associated with a cross-site resource at http://test.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure.

Dee P
  • 7
  • 5
  • I don't know asp.net but I fixed our node.js code as: at server while setting cookie, try to make a change that makes SameSite attribute value as None. – Zeeshan Hassan Memon Mar 05 '20 at 16:04
  • Does this answer your question? [How to set SameSite cookie attribute to explicit None ASP NET Core](https://stackoverflow.com/questions/56066832/how-to-set-samesite-cookie-attribute-to-explicit-none-asp-net-core) – Zeeshan Hassan Memon Mar 05 '20 at 16:09
  • Can you be more specific about how your site is breaking? If it is related to the `SameSite` cookie changes, then you will want to look at if there are cookies in your site that should be marked with `SameSite=None; Secure` or if you should be investigating other options. – rowan_m Mar 06 '20 at 09:44
  • I updated the details in my query above – Dee P Mar 06 '20 at 13:56
  • The issue is also because seems like we have legacy ASP.Net based website (.Net 4.7.2) Has anyone worked with same site attribute for ASP.Net Websites? – Dee P Mar 06 '20 at 19:28

1 Answers1

0
  1. List item

IIS needs URL rewrite module needs to be installed for IIS located at: https://www.microsoft.com/en-us/download/confirmation.aspx?id=47337

  1. web.config needs to be updated to include outbound rules for url cookies specified as in Preventing CSRF with the same-site cookie attribute After updating this errors resolved
Dee P
  • 7
  • 5