Console warnings in Chrome browser: A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute.

38 Comments

  • Jahmai Lay

    This is actually pretty serious. By all accounts, once Chrome 80 arrives, Zendesk will no longer load because of the absence of SameSite on the cookies. Could someone from Zendesk respond to this?

    https://www.chromium.org/updates/same-site

     

    0
  • Devan - Community Manager
    Zendesk Community Team

    Hello Karen D Snyder,

    This is something our team of advocates will need to help you with due to the nature of this issue. I've gone ahead and created a ticket for you on your behalf. One of our agents will be with you shortly.

    Best regards.

    0
  • Jahmai Lay

    Hi Karen D Snyder can you provide any update from your interaction with Zendesk support? Thanks!

    0
  • Karen D Snyder
    Community Moderator

    I have not received any replies from Zendesk support on the ticket that was created. I wrote a comment on the ticket that I haven't received any updates from them.

    0
  • Jahmai Lay

    Thanks Karen D Snyder. I'll create a separate ticket, hopefully more is better.

    0
  • Karen D Snyder
    Community Moderator

    I'll report any information that I receive from them about the console warning. Presumably anybody who is using Chrome is getting this warning.

    0
  • Christian Oyarzun

    If you are using Chrome Dev Channel which is Chrome 80 you are no longer able to login Zendesk

    0
  • Karen D Snyder
    Community Moderator

    I got an answer from Zendesk support that their developers are addressing the console errors:

    "Our development team is currently working to resolve these warning messages. I'll be sure to update you here as they provide more information about their progress and any timelines to resolution."

    So in the meantime, sounds like don't update Chrome to version 80!

    2
  • Allen Hancock

    Following.

    0
  • Michael van Gelder-Horgan

    For those of us using dev/canary you can change a couple of flags as a temp solution:

     

     

     

    0
  • RAW DESK

    On behalf of Corporate CRM Kinepolis Belgium, I confirm this issue is still appearing also for our anonymous site vistors, having the Zendesk Chat widget available (embedded via JS snippet).

    Can anyone give us a current status of the announced fixed, after a month of inactivity in this thread ?

    Thanks upfront for your reply,

     

    0
  • Brett Bowser
    Zendesk Community Team

    @Raw Desk and Michael,

    It looks like this is an issue our developers are aware of and are currently working on a fix. No ETA of when this will be released, however, I'm going to create a ticket on your behalf so our Customer Advocacy team can gather more information.

    Cheers!

    0
  • Christian Oyarzun

    Hopefully the ETA is before Chrome version 80 is released on the stable channel.

    February 4, 2020: Chrome 80 Stable released. SameSite-by-default and SameSite=None-requires-Secure become default behavior for all users on Stable.

     

    0
  • Brian Correia

    Any updates on this?

    0
  • Marco Huaman

    Hi Brett,

     

    Thanks for the update a month ago, can we please get the latest update as we get close to February?

    Regards,

    Marco

    0
  • Brett Bowser
    Zendesk Community Team

    @Marco and Brian, thanks for checking in here! It looks like this is still being investigated by our security developer team so nothing to report quite yet.

    I'll be sure to update this post once I have more information to provide you. Appreciate your patience!

    0
  • Andrew Lathrop

    Hello Zendesk Team,

     

    Any update on this? We are now a week away from the Feb. 4th deadline and as of yet we haven't received any additional information about this cookie warning and it was originally reported to your team in Oct of 2019

    0
  • Brett Bowser
    Zendesk Community Team

    Hey Andrew,

    This is something our developers are still looking into at this time. I'd be happy to get a ticket created on your behalf so you can receive an email update once we have more information to provide.

    Let me know!

    0
  • Mike Schiller

    We're getting pretty close to February. Any updates?

    0
  • Christian Oyarzun

    FWIW, I tried the logging in with the latest Chrome Dev channel v81 and it works. There are no longer warnings in the console.

    0
  • Brett Bowser
    Zendesk Community Team

    Thanks for sharing Christian Oyarzun!

    Mike Schiller can you confirm whether or not Chrome Dev channel v81 works for you? 

    0
  • Mike Schiller

    I downloaded Chrome Beta (80.x), and it does work.

    0
  • Paul. W

    Hi Brett Bowser,

    Can you confirm if your developers are still working on this issue ? and if they have found any problems so far.

     

    Regards,

    Paul. W - Service and Operations

    Kallysoft Informatik AG

     

    0
  • Brett Bowser
    Zendesk Community Team

    Hey Paul,

    This is definitely something our developers are still looking into and we do have a Problem Ticket created related to this. I see you have a ticket open with our Customer Advocacy team so I'll get that attached to the PT we have so you receive an update when available.

    Thanks for checking in!

    0
  • Dave Kaminsky

    The Google roll out to chrome is looming, any updates here? 

     

    -Dave

    0
  • Brett Bowser
    Zendesk Community Team

    Hey Dave,

    Our Dev team is testing some changes with Chrome on their end but no further updates to provide at this time.

    0
  • Mike Murray

    So, these cookies are now actively being blocked by Chrome

    A cookie associated with a cross-site resource at https://zdassets.com/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`.

    0
  • Devan - Community Manager
    Zendesk Community Team

    Hello Mike Murray,

    I've opened up a ticket on your behalf so our Advocates can look into this issue. You should receive an email shortly followed by a reply from our team, and we appreciate your patience during this troubleshooting process. 

    Best regards. 

    0
  • Ryan

    We're noticing this affecting Chrome 81 users now, as well as Safari users.  Is there a timeline available for a fix for this?

    0
  • Devan - Community Manager
    Zendesk Community Team

    Hello Ryan,

    A workaround that you can do to resolve this issue is by setting the Chrome://flags/#same-site-by-default-cookies flag to disabled for the meantime.

    We currently need to disable SameSite default by cookies, because Chrome rolled out an update that blocks cookies without cross-site requests if they are not set with ‘SameSite=None’ and ‘Secure.’ However, last April 3, they recently did a rollback of this update for Chrome 80 in light of global circumstances due to COVID-19. For more details about it, you may check this article: Chrome's SameSite Updates

    I hope this helps! Let me know if you have further questions or clarifications.

    Best regards,

    -1

Please sign in to leave a comment.

Powered by Zendesk