Some cookies are misusing the recommended “sameSite“ attribute
randombrick opened this issue · 2 comments
randombrick commented
How to handle this console error?
sleepless-ninja commented
Browsers now prefer for this to be specified rather than for them to set it by default (which they'll do anyway).
I was trying to work this one out myself, so I'll put this here for anyone else looking for the answer.
Before calling:
new CookiesEuBanner...
You put:
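```javascript
// Override the banner's cookie writer so the consent cookie carries explicit attributes.
CookiesEuBanner.prototype.setCookie = function (name, value) {
  var date = new Date();
  date.setTime(date.getTime() + this.cookieTimeout);
  // toUTCString() replaces the deprecated toGMTString(); the output format is the same.
  document.cookie = name + '=' + value + ';expires=' + date.toUTCString() + ';path=/' + ';secure;SameSite=Lax';
};
```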
Tested it and it seems to work.
andrewholgate commented
Yes, this is indeed going to be an issue in the near future as browsers impose stricter control on cookies.
Firefox flags this issue with the following warning:
Cookie “hasConsent” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute.
To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
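The following is an added example, not code from this thread or from the CookiesEuBanner project. It builds the cookie string with an explicit `SameSite` value, adds `Secure` only when the page is served over HTTPS (browsers refuse `Secure` cookies set from plain-HTTP pages), and audits a cookie string for the condition the Firefox warning describes. The helper names `buildCookie` and `auditCookie`, the `opts` fields and the finding labels are assumptions made for this example.

```javascript
// Added example: buildCookie/auditCookie are hypothetical helpers, not project API.
const SAMESITE_VALUES = ['strict', 'lax', 'none'];

// Return a string suitable for `document.cookie = ...`.
// In a browser, pass opts.protocol = location.protocol.
function buildCookie(name, value, timeoutMs, opts = {}) {
  const sameSite = opts.sameSite || 'Lax';
  const isHttps = opts.protocol === 'https:';
  if (!SAMESITE_VALUES.includes(sameSite.toLowerCase())) {
    throw new Error('invalid SameSite value: ' + sameSite);
  }
  // SameSite=None is only accepted together with Secure, which needs HTTPS.
  if (sameSite.toLowerCase() === 'none' && !isHttps) {
    throw new Error('SameSite=None requires Secure, which requires HTTPS');
  }
  const now = opts.now !== undefined ? opts.now : Date.now();
  const parts = [
    name + '=' + value,
    'expires=' + new Date(now + timeoutMs).toUTCString(),
    'path=/',
    'SameSite=' + sameSite,
  ];
  if (isHttps) parts.push('Secure');
  return parts.join(';');
}

// Report SameSite problems in a cookie string (attribute names are case-insensitive).
function auditCookie(cookieString) {
  const attrs = new Map(cookieString.split(';').slice(1).map(function (part) {
    const [key, val = ''] = part.trim().split('=');
    return [key.toLowerCase(), val.toLowerCase()];
  }));
  const sameSite = attrs.get('samesite');
  if (sameSite === undefined) return ['samesite-missing'];
  const findings = [];
  const valid = SAMESITE_VALUES.includes(sameSite);
  if (!valid) findings.push('samesite-invalid');
  // The case Firefox flags: None or an invalid value, without Secure.
  if ((sameSite === 'none' || !valid) && !attrs.has('secure')) {
    findings.push('none-or-invalid-without-secure');
  }
  return findings;
}

// Constructed sample input: the consent cookie named in the warning above.
console.log(buildCookie('hasConsent', 'true', 1000, { protocol: 'https:' }));
console.log(auditCookie('hasConsent=true;path=/;SameSite=None'));
```
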