0

I get this error 

A cookie associated with a cross-site resource at http://vimeo.com/ was set without the `SameSite` attribute. 
A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` 
and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at 
https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

So I have looked into Header set Set-Cookie HttpOnly;Secure;SameSite=Strict I have also looked into setcookie('vuid', 'pl793637742.1596158948', time() + 7700, '/', '.vimeo.com; SameSite=none;');

but am still getting the warning. When I go to Chrome Dev Tool > Application > Cookies, I see that player.vimeo.com has a cookie Name: vuid + Value: pl793637742.1596158948 + Domain: .vimeo.com ... and under SameSite there is nothing/no check mark.

Any help to debug or fix this vimeo, SameSite is appreciated. Thank you!

Armando Silva
  • 181
  • 12
  • Is something not working, or are you just trying to get rid of the [warning from the developer console](https://stackoverflow.com/a/58320564/231316)? – Chris Haas May 15 '20 at 18:25
  • just trying to get rid of the warning. they used `response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");` for javascript. but in php I did the method: 2.4 from the top answer on https://stackoverflow.com/questions/39750906/php-setcookie-samesite-strict/51128675#51128675 – Armando Silva May 15 '20 at 18:57
  • 2
    There really shouldn't be anything that you can do to fix this, it is on [Vimeo's side](https://github.com/vimeo/player.js/issues/482). Per [spec](https://tools.ietf.org/html/rfc6265#section-4.1.2.3), cookies set with domains that don't match the document's origin should be reject by browsers. – Chris Haas May 15 '20 at 19:09

0 Answers0