Console warnings in Chrome browser: A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute.

36 Comments

  • Jahmai Lay
    Comment actions Permalink

    This is actually pretty serious. By all accounts, once Chrome 80 arrives, Zendesk will no longer load because of the absence of SameSite on the cookies. Could someone from Zendesk respond to this?

    https://www.chromium.org/updates/same-site

     

    0
  • Devan
    Comment actions Permalink

    Hello Karen D Snyder,

    This is something our team of advocates will need to help you with due to the nature of this issue. I've gone ahead and created a ticket for you on your behalf. One of our agents will be with you shortly.

    Best regards.

    0
  • Jahmai Lay
    Comment actions Permalink

    Hi Karen D Snyder can you provide any update from your interaction with Zendesk support? Thanks!

    0
  • Karen D Snyder
    Comment actions Permalink

    I have not received any replies from Zendesk support on the ticket that was created. I wrote a comment on the ticket that I haven't received any updates from them.

    0
  • Jahmai Lay
    Comment actions Permalink

    Thanks Karen D Snyder. I'll create a separate ticket, hopefully more is better.

    0
  • Karen D Snyder
    Comment actions Permalink

    I'll report any information that I receive from them about the console warning. Presumably anybody who is using Chrome is getting this warning.

    0
  • Christian Oyarzun
    Comment actions Permalink

    If you are using Chrome Dev Channel which is Chrome 80 you are no longer able to login Zendesk

    0
  • Karen D Snyder
    Comment actions Permalink

    I got an answer from Zendesk support that their developers are addressing the console errors:

    "Our development team is currently working to resolve these warning messages. I'll be sure to update you here as they provide more information about their progress and any timelines to resolution."

    So in the meantime, sounds like don't update Chrome to version 80!

    2
  • Allen Hancock
    Comment actions Permalink

    Following.

    0
  • Michael van Gelder-Horgan
    Comment actions Permalink

    For those of us using dev/canary you can change a couple of flags as a temp solution:

     

     

     

    0
  • RAW DESK
    Comment actions Permalink

    On behalf of Corporate CRM Kinepolis Belgium, I confirm this issue is still appearing also for our anonymous site vistors, having the Zendesk Chat widget available (embedded via JS snippet).

    Can anyone give us a current status of the announced fixed, after a month of inactivity in this thread ?

    Thanks upfront for your reply,

     

    0
  • Brett - Community Manager
    Comment actions Permalink

    @Raw Desk and Michael,

    It looks like this is an issue our developers are aware of and are currently working on a fix. No ETA of when this will be released, however, I'm going to create a ticket on your behalf so our Customer Advocacy team can gather more information.

    Cheers!

    0
  • Christian Oyarzun
    Comment actions Permalink

    Hopefully the ETA is before Chrome version 80 is released on the stable channel.

    February 4, 2020: Chrome 80 Stable released. SameSite-by-default and SameSite=None-requires-Secure become default behavior for all users on Stable.

     

    0
  • Brian Correia
    Comment actions Permalink

    Any updates on this?

    0
  • Marco Huaman
    Comment actions Permalink

    Hi Brett,

     

    Thanks for the update a month ago, can we please get the latest update as we get close to February?

    Regards,

    Marco

    0
  • Brett - Community Manager
    Comment actions Permalink

    @Marco and Brian, thanks for checking in here! It looks like this is still being investigated by our security developer team so nothing to report quite yet.

    I'll be sure to update this post once I have more information to provide you. Appreciate your patience!

    0
  • Andrew Lathrop
    Comment actions Permalink

    Hello Zendesk Team,

     

    Any update on this? We are now a week away from the Feb. 4th deadline and as of yet we haven't received any additional information about this cookie warning and it was originally reported to your team in Oct of 2019

    0
  • Brett - Community Manager
    Comment actions Permalink

    Hey Andrew,

    This is something our developers are still looking into at this time. I'd be happy to get a ticket created on your behalf so you can receive an email update once we have more information to provide.

    Let me know!

    0
  • Mike Schiller
    Comment actions Permalink

    We're getting pretty close to February. Any updates?

    0
  • Christian Oyarzun
    Comment actions Permalink

    FWIW, I tried the logging in with the latest Chrome Dev channel v81 and it works. There are no longer warnings in the console.

    0
  • Brett - Community Manager
    Comment actions Permalink

    Thanks for sharing Christian Oyarzun!

    Mike Schiller can you confirm whether or not Chrome Dev channel v81 works for you? 

    0
  • Mike Schiller
    Comment actions Permalink

    I downloaded Chrome Beta (80.x), and it does work.

    0
  • Paul. W
    Comment actions Permalink

    Hi Brett - Community Manager,

    Can you confirm if your developers are still working on this issue ? and if they have found any problems so far.

     

    Regards,

    Paul. W - Service and Operations

    Kallysoft Informatik AG

     

    0
  • Brett - Community Manager
    Comment actions Permalink

    Hey Paul,

    This is definitely something our developers are still looking into and we do have a Problem Ticket created related to this. I see you have a ticket open with our Customer Advocacy team so I'll get that attached to the PT we have so you receive an update when available.

    Thanks for checking in!

    0
  • Dave Kaminsky
    Comment actions Permalink

    The Google roll out to chrome is looming, any updates here? 

     

    -Dave

    0
  • Brett - Community Manager
    Comment actions Permalink

    Hey Dave,

    Our Dev team is testing some changes with Chrome on their end but no further updates to provide at this time.

    0
  • Mike Murray
    Comment actions Permalink

    So, these cookies are now actively being blocked by Chrome

    A cookie associated with a cross-site resource at https://zdassets.com/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`.

    0
  • Devan
    Comment actions Permalink

    Hello Mike Murray,

    I've opened up a ticket on your behalf so our Advocates can look into this issue. You should receive an email shortly followed by a reply from our team, and we appreciate your patience during this troubleshooting process. 

    Best regards. 

    0
  • Ryan
    Comment actions Permalink

    We're noticing this affecting Chrome 81 users now, as well as Safari users.  Is there a timeline available for a fix for this?

    0
  • Devan
    Comment actions Permalink

    Hello Ryan,

    A workaround that you can do to resolve this issue is by setting the Chrome://flags/#same-site-by-default-cookies flag to disabled for the meantime.

    We currently need to disable SameSite default by cookies, because Chrome rolled out an update that blocks cookies without cross-site requests if they are not set with ‘SameSite=None’ and ‘Secure.’ However, last April 3, they recently did a rollback of this update for Chrome 80 in light of global circumstances due to COVID-19. For more details about it, you may check this article: Chrome's SameSite Updates

    I hope this helps! Let me know if you have further questions or clarifications.

    Best regards,

    -1

Please sign in to leave a comment.

Powered by Zendesk