Doesn't work in chrome anymore after february 2020
rayan-nativex opened this issue · 0 comments
Please check
https://digiday.com/media/what-is-chrome-samesite/
What is the change?
Google first announced in May last year that cookies that do not include the “SameSite=None” and “Secure” labels won’t be accessible by third parties, such as ad tech companies, in Chrome version 80 and beyond. The Secure label means cookies need to be set and read via HTTPS connections.
Right now, the Chrome SameSite cookie default is: “None,” which allows third-party cookies to track users across sites. But from February, cookies will default into “SameSite=Lax,” which means cookies are only set when the domain in the URL of the browser matches the domain of the cookie — a first-party cookie.
Any cookie with the “SameSite=None” label must also have a secure flag, meaning it will only be created and sent through requests made over HTTPs. Meanwhile, the “SameSite=Strict” designation restricts cross-site sharing altogether, even between different domains that are owned by the same publisher.
Mozilla’s Firefox and Microsoft’s Edge say they will also adopt the SameSite=Lax default.
Why is Google making this update?
Third-party cookies can make people vulnerable to malicious tracking, data leakage and can also make them susceptible to what are known as cross-site request forgery attacks. A user might click on a nefarious link in an email that allows a bad actor the ability to log into their banking website, for example.
“In order to move the web ecosystem to a more healthy place, we are changing the default behavior for when SameSite is not specified to automatically default to a more secure option rather than a less secure option,” said a Google spokesperson.